Re: Here is my plan for firewall implementation
See, Matthew (msee CCMGATE.PERPETUAL.COM.AU)
Mon, 22 Sep 97 10:17:44 EST
- Next message: Benoit Dicaire: "Re: NAT!!"
- Previous message: Marcus J. Ranum: "Re: Here is my plan for firewall implementation"
- In reply to: Craig Brozefsky: "Re: Here is my plan for firewall implementation"
- Next in thread: Peter Jeremy: "Re: Here is my plan for firewall implementation"
On Sun, 21 Sep 1997, Marcus J. Ranum wrote:
> Exchanging data safely is a TOUGH problem. These days I am
> leaning heavily towards telling people NOT to use FTP, but to
> use web instead. That way you can layer it under SSL if there's
> sensitive information going around. The only big drawback is
> that, at present, nobody has a decent utility for uploading
> files using POST.
One method for FTP transfers:
1) Create a hidden directory structure for known people transferring
files via FTP. Nobody can read or traverse the structure unless they
know the directory names, i.e. /dump/iemc8k/d02kds/eos/. Nobody
(including depositors) can read what's in the directories.
2) If you must allow anonymous FTP: Don't allow people to read what's
in the incoming directory. Clean it out every 10 minutes to a
'half-way' directory where data is kept for checking. Nobody can
access the data until it has been verified.
This was required to keep certain transient users out of the FTP
system at one company.
Regards,
Matthew.
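
The two steps in the message above, sketched as POSIX shell functions. This is an added example, not part of the original post; the function names, the modes 711/733/700/400 and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; function names, paths and modes are assumptions.

# make_drop ROOT REL: build ROOT/REL with every level mode 711 (can be
# entered by name, cannot be listed) and the leaf 733 (others may create
# files but cannot list the directory).
make_drop() {
    dir=$1 rest=${2#/}
    mkdir -p "$dir" && chmod 711 "$dir" || return 1
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        dir=$dir/$part
        mkdir -p "$dir" && chmod 711 "$dir" || return 1
    done
    chmod 733 "$dir"
}

# sweep_incoming INCOMING HOLD: move each regular file from INCOMING to the
# owner-only HOLD directory under a neutral name, make it read-only, and
# print how many files were moved. Symlinks and subdirectories stay put.
sweep_incoming() {
    incoming=$1 hold=$2 moved=0
    mkdir -p "$hold" && chmod 700 "$hold" || return 1
    stamp=$(date +%Y%m%dT%H%M%S)
    for f in "$incoming"/* "$incoming"/.[!.]* "$incoming"/..?*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        dest=$hold/$stamp.$$.$moved
        mv -- "$f" "$dest" && chmod 400 "$dest" || continue
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Constructed usage (hypothetical install path), e.g. from cron every 10 minutes:
#   */10 * * * * . /usr/local/lib/ftpdrop.sh && sweep_incoming /home/ftp/incoming /home/ftp/hold
```

Directory modes only stop listing; whether an uploaded file can be fetched by name before the next sweep depends on the FTP daemon's own upload and download settings, which this sketch does not configure.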
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT