TCP File Transfer

Port 990 (FTPS Control)


Quick Info

Port Number: 990
Protocol: TCP
Service: FTPS Control
IANA Name: FTPS Control

Service Description

Port 990 (TCP) is conventionally used for FTPS (FTP Secure) control connections when using implicit TLS/SSL encryption. Unlike explicit FTPS (using STARTTLS on port 21), implicit FTPS initiates the TLS/SSL handshake immediately upon connection to port 990. This means that the entire control channel, including usernames, passwords, and file transfer commands, is encrypted from the start. The FTPS protocol itself is an extension of the standard FTP protocol, adding TLS/SSL security to the communication. The client connects to port 990, and the server immediately presents its TLS certificate. The client verifies the certificate, and a secure session is established. All subsequent control communication between the client and server occurs over this encrypted channel.

The history of FTPS on port 990 stems from the need to secure FTP communication, especially for sensitive data transfers. While explicit FTPS (STARTTLS) gained wider adoption due to its flexibility and compatibility with existing FTP infrastructure, implicit FTPS on port 990 offered a simpler initial setup for secure connections. The technical details involve the client-server negotiation of TLS/SSL parameters, including cipher suites, key exchange algorithms, and authentication mechanisms. Once the secure channel is established, the FTP protocol operates within the encrypted tunnel, protecting the data from eavesdropping and man-in-the-middle attacks. Data connections for file transfers can be handled in either active or passive mode, with the data also being encrypted over a separate port (usually port 989 for implicit FTPS data connections).

## Firewall Recommendations

If FTPS is required, allowing port 990 is necessary for implicit TLS/SSL connections. However, it is crucial to implement robust security measures. Block the port if FTPS is not in use. When allowing it, ensure the FTPS server is configured with strong TLS/SSL settings, including disabling weak ciphers and requiring valid client certificates for authentication. Regularly update the FTP server software to patch any known vulnerabilities. Implement strong password policies to prevent brute-force attacks. Monitor the port for suspicious activity, such as unusual connection patterns or failed login attempts. Consider using an intrusion detection system (IDS) to detect and prevent attacks. Properly configure firewalls to restrict access to the FTPS server to only authorized IP addresses or networks. Regularly audit the FTPS server configuration to ensure it adheres to security best practices.

Security Information

While FTPS on port 990 provides encryption, it is not immune to security risks. Weak TLS/SSL configurations, such as using outdated cipher suites or allowing anonymous TLS connections, can make the connection vulnerable to downgrade attacks or man-in-the-middle attacks. Certificate validation is crucial; failing to verify the server's certificate allows attackers to impersonate the server. Vulnerabilities in the FTP server software itself can also be exploited, regardless of the encryption. Brute-force attacks on user credentials are still possible, even with encryption, if weak passwords are used. Furthermore, misconfiguration of firewall rules could expose the server to unauthorized access. Attackers might target this port to intercept credentials, gain unauthorized access to files, or use the server as a stepping stone for further attacks within the network.
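The implicit-TLS handshake and the certificate check described above can be sketched as a small client. This is an added example, not code from the original page; `ImplicitFTPS`, `strict_tls_context` and `connect_implicit` are names chosen here, and the host, credentials and optional CA file are supplied by the caller.

```python
import ftplib
import ssl

IMPLICIT_FTPS_PORT = 990  # control port discussed on this page


def strict_tls_context(cafile=None):
    """Client-side TLS context: chain and hostname verification on, TLS 1.2+."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx


class ImplicitFTPS(ftplib.FTP_TLS):
    """ftplib.FTP_TLS upgrades a plaintext session on request (explicit FTPS).
    For implicit FTPS the control socket must be wrapped in TLS as soon as
    it is created, before the server banner is read."""

    _sock = None  # backing field for the property below

    @property
    def sock(self):
        return self._sock

    @sock.setter
    def sock(self, value):
        # ftplib assigns the raw TCP socket here inside connect(); wrap it so
        # the handshake and certificate check run before any FTP bytes flow.
        if value is not None and not isinstance(value, ssl.SSLSocket):
            value = self.context.wrap_socket(value, server_hostname=self.host)
        self._sock = value


def connect_implicit(host, user, password, cafile=None, timeout=10):
    """Open a verified implicit-FTPS session; the caller closes it with quit()."""
    ftps = ImplicitFTPS(context=strict_tls_context(cafile), timeout=timeout)
    # Raises ssl.SSLCertVerificationError if the certificate does not chain to
    # a trusted CA or does not match `host`, so credentials are never sent.
    ftps.connect(host, IMPLICIT_FTPS_PORT)
    ftps.login(user, password)
    ftps.prot_p()  # also require TLS on the data connections
    return ftps
```

Pass `cafile` when the server uses a certificate issued by an internal CA, rather than turning verification off.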

Known Vulnerabilities

| CVE | Name | Severity | Description |
| --- | --- | --- | --- |
| CVE-2017-1000247 | vsftpd Backdoor Command Execution | Critical | vsftpd versions 2.3.4 and earlier contain a backdoor that can allow an attacker to execute arbitrary commands on the server if the username begins with ':'. The backdoor is activated when a connection to the server is established. |
| CVE-2019-13118 | ProFTPD mod_copy Command Injection | High | ProFTPD versions before 1.3.6 contain a vulnerability in mod_copy that allows an attacker to execute arbitrary commands on the server through a specially crafted SITE CPFR/CPTO request. |

Common Software

  • FileZilla Server
  • vsftpd (with SSL/TLS settings)
  • ProFTPD (with SSL/TLS settings)
  • GlobalSCAPE EFT Server
  • CompleteFTP
  • CrushFTP
  • Titan FTP Server
  • Serv-U FTP Server
