May 11, 2023

    Explicit FTPS vs. Implicit FTPS: What You Need to Know

    Explicit FTPS vs. Implicit FTPS: Key Differences Explained
    9:58

    File sharing solutions can be a great asset for you company, but sometimes it can be hard to find the right balance between a solution that’s secure and a solution that’s easy to use. When you find a file sharing option that meets both of those needs, you can increase productivity by making data sharing processes both simple and uniform. You can also keep you data protected, safe from hackers with sinister motives.

    One file sharing method that might be ideal for your company is FTPS. FTPS builds off the simplicity of the traditional FTP data transfers and adds a needed layer of security to keep data protected from prying eyes. In this article, you’ll learn more about how FTPS works and how it protects your sensitive files. You’ll also explore the differences between the types of FTPS you can use – explicit vs. implicit FTPS.

    What is FTPS?

    Before diving into the differences between explicit vs. implicit FTPS, let’s first look at what FTPS is and how it differs from the traditional FTP data sharing. When FTP (file transfer protocol) was first used, there was virtually no way to protect your data. Now, FTPS allows you to protect data, which still taking advantage of the simplicity of FTP.

    FTPS essentially addresses security gaps you face when only using FTP. FTPS stands for file transfer protocol SSL (secure sockets locker). SSL is a cryptographic protocol that encrypts the data being transferred. The term SSL is generally used interchangeably with TLS or transport layer security, with TLS v1.2 actually being the most current non-vulnerable protocol.

    One of the biggest drawbacks of using FTP alone is that your data is sent unencrypted -- even your usernames and passwords while logging in. So, anyone could intercept and understand this sensitive data. Using FTP alone could lead to serious data breaches for your company. With FTPS, you data is scrambled and inaccessible to anyone but the sender and the recipient. Only the two approved entities – the sender and the recipient – can exchange data securely.

    When sharing data via FTPS, you can use either explicit FTPS or implicit FTPS. Explore the difference between explicit vs. implicit FTPS connections, and learn which one of these secure file sharing options is better for your company to use.

    Explicit FTPS: A General Understanding

    Explicit FTPS is the newer method of FTPS transfer and has generally overtaken implicit FTPS use, with the exception of legacy systems. When explicit FTPS is used, a traditional FTP connection is established on the same standard port as FTP. Once the connection is made (before login), a secure SSL connection is established via port 21.

    Today, explicit FTPS (also FTPES) is supported by the majority of FTP servers since it is an approved, standard way of protecting data. With explicit FTPS, before a transfer can begin, the client will request encryption information to determine what portions of the data is protected. If the client hasn’t set up these security requests, one of two things occurs – either the connection is declined, or the transfer is made insecurely using the basic FTP protocol.

    Explicit FTPS inherently provides users with flexibility regarding how files are sent. So, you could choose to send data unencrypted, but protect your user credentials, or you could protect all information sent in a transfer. The client can decide how secure they want file transfers to be.  The server can also disallow insecure requests, thereby forcing the client to use FTPS and not FTP.

    Implicit FTPS: What You Need to Know

    Implicit FTPS was the first method created to encrypt data sent “via FTP”; although a different port is used. When using implicit FTPS, an SSL connection is immediately established via port 990 before login or file transfer can begin. If the recipient fails to comply with the security request, the server immediately drops the connection.

    Implicit FTPS is actually more strict than explicit FTPS when it comes to establishing a secure connection. In fact, the entire FTP session is encrypted, in contrast to flexibility you have when using explicit FTPS. However, implicit FTPS is considered a deprecated protocol, meaning that it not the current standard. 

    Some FTP providers only use implicit FTPS. In these cases, port blocking to prevent non-secure FTP connections, and because explicit FTPS starts by making an FTP connection, this prevents explicit FTPS transfers, too. So, although implicit FTPS is a depreciated protocol, some providers still require it.

    It’s important to remember that not all FTP providers facilitate both explicit vs. implicit FTPS, so you may be limited by the provider you select for your file sharing needs. If you don’t want to choose between explicit vs. implicit FTPS, you do have options. A top file sharing host like Sharetru enables both protocols, so you can use either or both at the same time.

    A Side by Side Comparison of FTPeS and FTPS

    While they share a common goal of secure data transfer, there are nuanced differences between FTPS (FTP Secure) and FTPeS (Explicit FTPS) that could influence your choice depending on your specific needs. In the table below, we delve into a comprehensive comparison of these two protocols, examining features such as encryption, connection setup, firewall configuration, security, port usage, compatibility, certificate management, data integrity, and authentication. This comparison aims to provide a clearer understanding of FTPS and FTPeS, helping you make an informed decision for your data transfer needs. Please note that the specifics of port usage, compatibility, and other features can vary depending on the specific software and configuration used.

     

    Feature

    FTPS (FTP Secure)

    FTPeS (Explicit FTPS)

    Encryption

    Provides encryption, ensuring data security during transfer.

    Also provides encryption, ensuring data security during transfer.

    Connection

    The client and server negotiate the encryption to use for the connection during the initial connection setup.

    The client explicitly requests encryption. The server can refuse the request, and the client can then decide whether to send data over an unencrypted connection.

    Firewalls

    Can be more challenging to configure with firewalls due to the need for multiple ports.

    Also can be more challenging to configure with firewalls due to the need for multiple ports.

    Security

    High level of security due to encryption.

    High level of security due to encryption, with the added flexibility of allowing the client to decide whether to proceed with an unencrypted connection if encryption is refused.

    Port Usage

    Typically uses port 990 for the control channel and port 989 for the data channel.

    Typically uses port 21, the standard FTP port, for both control and data channels.

    Compatibility

    Not all FTP clients support FTPS.

    More widely supported by FTP clients due to its use of the standard FTP port.

    Certificate Management

    Requires management of SSL certificates for server authentication.

    Also requires management of SSL certificates for server authentication.

    Data Integrity

    Ensures data integrity through the use of SSL/TLS encryption.

    Also ensures data integrity through the use of SSL/TLS encryption.

    Authentication

    Supports both anonymous and authenticated connections.

    Also supports both anonymous and authenticated connections.

     

    The Benefits of FTPS: A Recap

    So, what does all of this mean for your company? FTPS is a commonly used and simple way to protect your data. And partnering with a vendor that facilitates FTPS transfers helps you strike the needed balance between security and usability. You don’t give up the familiarity and simplicity of FTP data sharing, but you don’t need to worry about sensitive data being intercepted. 

    So, why should you choose FTPS over another file sharing protocol like SFTP? Whether you’re using implicit or explicit FTPS to share files, there are a few benefits you’ll reap. 

    • FTPS is easy to understand and commonly used in professional environments.
    • FTPS adds security to an already familiar protocol.
    • It is easy to implement since it uses FTP as its foundation.
    • FTPS facilitates server-to-server file transfers.
    • Troubleshooting is simple as connections can be read by humans.
    • Mobile devices support FTPS.
    • Security is enhanced by strong SSL/TLS authentication systems.
    • FTPS works in some FTP-enabled operating systems (unlike SFTP).
    • Numerous web interaction structures support FTPS assistance, and FTPS has built-in support in .NET Framework.

    FTPS doesn’t require you to sacrifice usability for security. You can still use FTP if that’s a protocol you’re comfortable with, but your file sharing is enhanced by increasing security with SSL/TLS.

    What if you want to use explicit FTPS sometimes, but other options like implicit FTPS, too? With Sharetru, you have the flexibility to transfer files using any protocol you want, including both implicit FTPS and explicit FTPS. You can use the appropriate protocol at the appropriate time, and you can also permit your users and clients to use different protocols, too.

    Ultimately, the best way to determine if you need to use explicit vs. implicit FTPS is by evaluating your company’s specific file sharing needs. Look at who your sharing files with, like internal or external entities. Also, consider which option is easiest for your employees to navigate. Both explicit and implicit FTPS protect your data, and with the right file sharing solution provider, you don’t have to worry about data compromises. And with a provider like Sharetru, you have the flexibility to use whichever protocol is ideal on case-by-case basis.

     

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts