What is FTP?

FTP stands for File Transfer Protocol and is a long-established network protocol used to transfer files between computers over a TCP/IP network. It is an old and unencrypted protocol originally designed for simplicity, not security.

In OT environments, FTP was once widely used for transferring recipes, logs or configurations, but it is now strongly discouraged due to security risks.


🧠 How does FTP work?

  1. FTP uses two ports:
     • Port 21 for commands
     • Port 20 for data transfer (active mode)
  2. A connection session is established between client and server
  3. Files are transferred without encryption
  4. Users sign in with a username and password (also in plaintext)

FTP provides no built-in encryption — everything is sent unencrypted, including passwords.
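
Because the login travels in plaintext on the control channel, a passive network monitor can also detect it. The following Python code is an added example, not part of the original page: it audits a constructed control-channel capture and reports sessions that sent USER/PASS without TLS, including a client that requested AUTH TLS and was refused. The session names, sample lines and the audit function are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of FTP control-channel lines (TCP 21) as a passive
# monitor would record them: (session id, "C"=client/"S"=server, line).
SAMPLE = [
    ("hmi-01", "S", "220 FTP server ready"),
    ("hmi-01", "C", "USER operator"),
    ("hmi-01", "S", "331 Password required"),
    ("hmi-01", "C", "PASS example-secret"),
    ("hmi-01", "S", "230 Login successful"),
    ("hmi-01", "C", "PORT 192,0,2,10,195,80"),
    ("hmi-01", "C", "STOR recipe_42.csv"),
    ("hist-02", "C", "AUTH TLS"),
    ("hist-02", "S", "234 Proceed with negotiation"),
    ("plc-03", "C", "AUTH TLS"),
    ("plc-03", "S", "502 Command not implemented"),
    ("plc-03", "C", "USER service"),
    ("plc-03", "C", "PASS another-example"),
]

PORT_RE = re.compile(r"^(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")

def audit(events):
    """Return {session: finding} for sessions that logged in without TLS."""
    state = defaultdict(lambda: {"tls": None, "user": None, "password_in_clear": False,
                                 "active_data": None, "files": []})
    for sid, side, line in events:
        s = state[sid]
        word, _, arg = line.strip().partition(" ")
        if side == "S":
            # The reply that follows AUTH decides whether TLS was negotiated.
            if s["tls"] == "requested":
                s["tls"] = "accepted" if word == "234" else "refused"
            continue
        cmd = word.upper()
        if cmd == "AUTH":
            s["tls"] = "requested"
        elif cmd == "USER":
            s["user"] = arg
        elif cmd == "PASS":
            s["password_in_clear"] = True   # record the fact, never the value
        elif cmd == "PORT" and (m := PORT_RE.match(arg)):
            # Active mode: client announces h1,h2,h3,h4,p1,p2 for the data channel.
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            s["active_data"] = f"{h1}.{h2}.{h3}.{h4}:{p1 * 256 + p2}"
        elif cmd in ("STOR", "RETR"):
            s["files"].append((cmd, arg))
    return {sid: s for sid, s in state.items() if s["password_in_clear"]}
```

A finding with tls set to "refused" marks a client that fell back to a plaintext login after the server declined TLS, which is worth alerting on separately from legacy devices that never ask for it.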


🏭 Use of FTP in industrial networks

  • Legacy support for older PLC, HMI or SCADA systems
  • Transfer of process data or logs to external systems
  • Used for firmware distribution or configuration uploads
  • Some older Historians only support FTP

⚠️ Note:

  • Man-In-The-Middle attacks are easy when using FTP
  • FTP is often non-compliant with modern security standards
  • Replace FTP with SFTP or FTPS wherever possible

🔍 FTP vs. SFTP vs. FTPS

| Protocol | Encryption | Use in OT | Port |
|---|---|---|---|
| FTP | ❌ None | Legacy systems, not secure | 21 / 20 |
| SFTP | ✅ Via SSH | Recommended, modern | 22 |
| FTPS | ✅ Via TLS | Compatible with some IT systems | 21 / 990 |

🔐 Security aspects

  • FTP transmits passwords and files in plaintext
  • Vulnerable to sniffing, spoofing and session hijacking
  • Unsuitable for production environments with high confidentiality and integrity requirements
  • Use only within isolated networks without internet connectivity
  • Access to the FTP server should be restricted via access control and a firewall, and monitored through logging

Modern OT security guidelines such as IEC 62443 or ISO 27001 explicitly advise against the use of FTP.


📌 In summary

FTP is an insecure, outdated protocol that is still found in legacy OT systems but should be replaced wherever possible by encrypted alternatives such as SFTP or FTPS.