Can you briefly compare FTP vs. TFTP and explain what each is used for?
Both the File Transfer Protocol (FTP) and the Trivial File Transfer Protocol (TFTP) are used to transfer files between systems. FTP is a widely used protocol that allows the remote user to navigate the server's file structure and upload and download files. TFTP is a simplified alternative to FTP that provides no authentication and is most often used to transfer configurations to and from network devices.
Here's the catch: both FTP and TFTP are inherently insecure protocols. They do not use encryption and allow both authentication and file data to traverse the network in the clear. Consider using these protocols only when sharing non-sensitive data with the general public (i.e. operating a public, anonymous download FTP site) or operating in an inherently secure environment (e.g. a private management network).
Fortunately, there is a secure alternative to these protocols. The secure FTP protocol uses the Secure Shell (SSH) protocol to encrypt standard FTP communications and provide confidentiality in transit.
- See why some companies have transitioned to secure FTP servers.
- A SearchSecurity.com reader recently asked Mike Chapple, "What OSI Layer 4 protocol does FTP use to guarantee data delivery?"
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.