In regard to your search for an encrypted FTP solution for NT (intranet and
extranet and also multiplatform) I refer you to
http://morgansw.com/pdmbp.htm
______________________________ Reply Separator _________________________________
Subject: NT/Firewall-1 Elementary Questions
Author: [EMAIL PROTECTED] (Tom Tomasovic) at Internet
Date: 7/15/99 9:07 AM
Hi all!
Looking for some advice/assistance with Firewall-1.
Platform: NT
Questions re: Authentication, Encryption
Scenario:
We are about to install Firewall-1 to protect an extranet server and our internal
network. The web server will be in a DMZ, and we would like to encrypt file
transmissions to our clients. We would also like to be able to authenticate
clients. Our consultant has suggested authentication at the firewall (as
opposed to at the web server), using some system other than NT Security. He has
also suggested using Checkpoint's encryption capabilities (as opposed to SSL),
and he says that (to a 'limited' extent) those capabilities are included in the
basic Firewall-1 product. He also indicates that this would make SSL
unnecessary and would allow us to do any sort of communications (e.g., FTP) in
an encrypted environment.
I have several questions about this configuration.
1. Is any sort of encryption included with the 'basic' Firewall-1 license? (I
have not been able to find much information on the Checkpoint site other than
that they have an encryption module, although I have not done an extensive
search.)
2. If encryption is included (and it is not SSL), what is necessary at the
client level to use this encryption?
3. Does the idea of forsaking NT security for authentication at the firewall
make sense, i.e., is that route SIGNIFICANTLY more secure? (I am not talking
here about using SecurID or some other token mechanism, although that is a
future option.)
4. Does authentication at the firewall (with Checkpoint) limit our flexibility
in controlling access to specific resources? (I know we could always impose NT
security on top of firewall authentication, but it would add to the 'client
burden' and also to the administrative headaches.)
5. Does anyone know of specific NT products which will allow encryption of FTP
transfers? (I have searched with little success.)
6. One of the options I am considering is setting up an 'FTP-like' directory
where files would be listed and the clients could then click on them to
view/download them. If this particular directory were set up to require HTTPS,
would that result in encrypted file transfers? (I am disregarding the issue of
HTTPS performance vs. FTP, so please don't tell me it would be slower to do it
that way.) I have enabled a 'test' directory on one server and required the use
of HTTPS to hit that directory. It works as I suspected (i.e., the directory
can't be accessed using HTTP), but I am not sure whether this ensures that files
accessed from this page would be transferred encrypted.
A lot of questions here, and I sincerely appreciate any constructive input.
These lists are great resources, and I hope these questions will also be useful
to other 'fledgling' security people.
Thanks and regards to all,
Tom
==============================================
The opinions contained herein are mine and mine alone.
==============================================