Pay attention all you wine aficionados; Sorry to disappoint you, but we will not be discussing the delicious port wine in this post. This page is all about computer networking and data transfer protocols. So, if you consider yourself to be a computing enthusiast - then you’ve come to just the right place.
What are ports?
Ports are virtual communication endpoints that make it possible for computers and servers to connect and transfer data between them in TCP and UDP based networks. In order to connect to a particular server, the server’s IP address and a port to connect to are required. While an IP address is required to identify and connect to a specific server, port numbers are used to indicate which application or service on the server you are attempting to communicate with.
Each Port is assigned with a different number to indicate a specific service and hosts may listen to ports between 0 and 65,535 per IP address. While some applications may alter their port number, there are a few defaults that usually remain untouched. For example: port 80 for HTTP, port 25 for SMTP and port 21 for FTP.
What is FTPS?
FTPS, also known as "FTP over SSL” or “FTP with Security”, is a secure file transfer protocol that was a result of a much needed layer of security to add to the anachronistic FTP (file transfer protocol), while keeping the original protocol relatively unchanged. As an analogy, FTPS is to FTP like HTTPS is to HTTP. When using FTPS, data travels through the network using either the Transport Layer Security (TLS) protocol or, the now obsolete, Secure Sockets Layer (SSL) protocol. Both protocols are responsible for encrypting the data going to and fro between the server and client.
FTPS offers two methods to apply encryption to the FTP session and they use different ports. The first method is called the implicit method in which the client connects to the server’s port 990, which offers only encrypted sessions, and after logging in, another channel for data is opened over other ports depending on the server’s mode.
When using the second method, the explicit method, the client connects to the regular FTP port - port 21, asks to turn SSL on in order to encrypt the communication over this channel, continues with the authentication process, and proceeds to open the data channel too. If you wish to go more in depth, you can read about the methods here.
As for which ports are used to upload or download data - that depends on the server’s mode. When using the active mode, a connection will be initiated by the server from the server’s port 989 in the implicit method, or from port 20 in the explicit method to the client’s control port+1. Due to its incompatibility with firewalls and the access requirement to a client behind a NAT, the active mode is hardly ever used. In the passive mode, the server assigns a random port within a wide range and tells the client to connect to it.
Risks of opening multiple ports and the alternative
Opening multiple ports can be a security risk when it comes to configuring firewalls and NATs, which is why we recommend choosing a simpler and more secure file transfer protocol: SFTP.
SFTP is a secure file transfer protocol that is favored by many organizations, big and small and is proven to be secure, it’s most desirable trait. SFTP relies on the SSH protocol for authentication and implements the file transfer and remote file access service and only uses a single port between the client and the server.
If you have users who ask to connect your server via FTPS, don’t worry. You don’t have to choose one over the other. SFTP To Go allows for protocol flexibility and then some. SFTP To Go is a fully managed SFTP as a Service that allows you to manage your files through both SFTP and FTPS as well as an Amazon S3 endpoint and HTTPS to access files you choose.