The modern Internet is a multitude of computers interconnected by special information exchange protocols. HTTP and HTTPS are used to display sites, and FTP, SFTP and FTPS are used to exchange large files. Here we look at what an FTPS server is and how to work with it.
What is FTPS?
The name of the protocol can be divided into two parts: FTP + SSL, or FTP + TLS (the developed version of SSL). The first part is the main one and is short for File Transfer Protocol. This method of data exchange is not encrypted by default, so files sent via FTP are easy to intercept and read. Attackers have used this weakness to steal important documentation from company servers.
The FTPS protocol was developed to correct this lack of information security. In it, all transferred files are first processed via SSL or TLS (encryption protocols), so commands and packets in transit are illegible to anyone intercepting them: for example, instead of "Hello" they see "GTYSL". On the server, the data is turned back into its original, readable form.
To summarize what FTPS is and what it does: it is a secure FTP protocol. When transmitting information, you can be sure that the files will remain known only to authorized users. Do not confuse FTPS with SFTP: these are different protocols that work on different principles.
How to transfer the server to FTPS
Some do not know what an FTPS server is. It is the computer on which the files are stored, and it works the same way as an FTP server (it transfers files at the client's request), except that all information is encrypted before file sharing starts.
To protect the file server from unwanted intrusion, you will need to create a digital certificate. If you are using FileZilla Server, go to the SSL/TLS settings section. There you create a new certificate, which contains information such as the country code and the organization name.
The certificate can be obtained free of charge through FileZilla or through other services. For local access a self-signed certificate is enough, but for a public server it is not, and a certificate can be purchased from a certification authority.
FTPS connection
To better understand what FTPS is, consider how the protocol operates. Unlike FTP, when connecting the client can request a secure connection, for example on a separate port with encryption. Consider the certificate request algorithm in more detail:
- The client requests data encryption (sends the CSR request code).
- The server agrees on the encryption algorithm and sends the client an SSL certificate for verification, together with a public key for the RSA cipher.
- The client reads the information from the certificate and contacts the center that issued it. If the certificates held by the center and the server match, the verification is complete and the connection continues. Otherwise, the connection is interrupted and an error code is sent to the server.
- If the verification is successful, the client creates a session key (for encrypting files), encrypts it and sends it to the server. Random numbers and RSA encryption with public and private keys are used for this.
- The server receives the key and decrypts it. From then on, this key is used to encrypt all sent and received files.
After the secret session key has been received, data transfer begins. The key is checked with every new request, and all data inside the FTPS protocol is securely encrypted.
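The ordering described above (encryption requested and accepted before any credentials or files move) can be checked against a session log. The following is an added example, not part of the original article: it audits explicit-mode FTPS sessions, where the client asks for TLS on the control connection with AUTH TLS and protects the data channel with PROT P (RFC 4217 commands that the article does not name). The (command, reply code) log format and the sample sessions are constructed for illustration.

```python
# Added example: audit one explicit-FTPS session log (constructed format).
# AUTH TLS / PROT / CCC are RFC 4217 commands; 234 and 200 are their success replies.

CREDENTIAL_CMDS = {"USER", "PASS", "ACCT"}
DATA_CMDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST", "MLSD"}


def audit_session(exchanges):
    """exchanges: list of (client_command, server_reply_code), in the order sent.

    Returns a list of (position, finding) for steps that ran unprotected.
    """
    control_tls = False   # control channel is wrapped in TLS
    data_private = False  # PROT P accepted; the RFC 4217 default is Clear
    findings = []
    for pos, (command, reply) in enumerate(exchanges, 1):
        words = command.split()
        if not words:
            continue
        verb = words[0].upper()
        arg = words[1].upper() if len(words) > 1 else ""
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            if reply == 234:
                control_tls = True
            else:
                findings.append((pos, f"AUTH {arg} refused with {reply}"))
        elif verb == "PROT" and reply == 200:
            data_private = control_tls and arg == "P"
        elif verb == "CCC" and reply == 200:
            control_tls = False  # client dropped back to a clear control channel
        elif verb in CREDENTIAL_CMDS and not control_tls:
            findings.append((pos, f"{verb} sent in cleartext"))
        elif verb in DATA_CMDS and not data_private:
            findings.append((pos, f"{verb} data channel not encrypted"))
    return findings


# Constructed sample sessions (not captured from a real server).
GOOD = [("AUTH TLS", 234), ("USER alice", 331), ("PASS ****", 230),
        ("PBSZ 0", 200), ("PROT P", 200), ("PASV", 227), ("RETR report.pdf", 150)]
WEAK = [("USER alice", 331), ("PASS ****", 230), ("AUTH TLS", 234),
        ("PASV", 227), ("STOR backup.zip", 150)]

if __name__ == "__main__":
    for name, session in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_session(session) or "no findings")
```

The WEAK session shows the two common misconfigurations: login before TLS is negotiated, and a transfer without PROT P, which leaves the file contents unencrypted even though the control channel is protected.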
Connection reliability
Thanks to TLS / SSL certificates, phishing can be eliminated. Authentication allows the browser to know for sure that its data is sent in encrypted form to the specified server, and not to an attacker's computer. It is especially important to use encryption when entering personal information, bank card numbers, etc.
For complete confidence, you can require a digital certificate not only from the server but also from the client. Such precautions are relevant in banks, for example, when transmitting important information about the customer base.
Even if an attacker manages to obtain files from the FTP protocol, all of them are encrypted, and it is impossible to read their contents without the secret RSA key.