>Hi,
>
>I've got a bit of a puzzle. My company would like to be able to ftp
>stuff to and from the mainframe from other organizations (banks etc.)
>They want to do this over the net, the information is rather sensitive
>so it must be secure.
>
>Here's the ideas I've had so far:
>
>A) Place a "Store and Forward" FTP server in our DMZ (Don't allow
>direct connections to the Mainframe). Implement PGP so that files are
>PGP-Encrypted before it's ftp'd.
>
>
>B) Use some type of LAN-to-LAN tunneling hardware. Place a box at our
>end... and boxes at the Bank etc. to create a secure tunnel in which
>files could be transferred. (I'd still use a Store and Forward tunnel)
This option might be a little more expensive, but:
Set your FTP server up on a host with and have it hooked to an
external SCSI box that can talk to two hosts at once. Have your
internal machine also hooked up to that box. Run NO OTHER SERVICES on
the FTP machine, and use the most secure FTP server you can find.
While expensive, it's ALMOST an air gap, and as long as you
aren't leaving sensitive data in the FTP directory you should be
OK.
--
We have only come here seeking knowledge
Things they would not teach us of in college.--The Police
http://www.atypon.com [EMAIL PROTECTED]