Firewall Wizards mailing list archives

Issues opening firewall for SSH/SecureFTP?


From: "Chris Conacher" <chris_conacher () hotmail com>
Date: Mon, 09 Aug 2004 19:34:37 +0000

Dear List

I am currently trying to move an organization's current solution of VPN for external contractors performing file transfer, to SecureFTP.

My belief has always been that SecureFTP is the appropriate solution for secure file transfer and the aim should always be to avoid giving remote access to internal networks [especially non-employee] where it is not specifically required.

My question is are there any other issues that I should be aware of with allowing SecureFTP/SSH through the firewall as one of the standard pushes (read knee jerk reactions) against this appears to be that another port is opened on the firewall?

1. I have worked in a lot of different organizations where VPN seems to be the norm for everyone even where the only requirement is file transfer.
2. My belief is that this is because the organization does not appreciate the implications of allowing non-employees access to the internal network and does not understand that SecureFTP is an appropriate solution.
3. I understand that SSH is a great opportunity for tunneling attacks if an exploit is discovered, but I feel that it is possible to manage this exposure through the existence of a DMZ based bastion host, rather than providing external people with access to the VPN.

Comments appreciated.

Chris


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
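
The tunneling exposure raised in point 3 can be checked on the bastion host itself. The following is an added example, not part of the original post: a Python audit, assuming the bastion runs OpenSSH and the contractor account is meant to be SFTP-only. The function names and the sample dumps are constructed for illustration.

```python
# Added example: audit the output of `sshd -T -C user=<account>` (OpenSSH's
# effective-configuration dump, one lowercase keyword and value per line)
# for settings that would let an SFTP-only account tunnel or get a shell.

REQUIRED = {
    "allowtcpforwarding": "no",          # blocks -L / -R / -D forwarding
    "allowstreamlocalforwarding": "no",  # blocks Unix-socket forwarding
    "allowagentforwarding": "no",
    "x11forwarding": "no",
    "permittunnel": "no",                # blocks tun(4) device tunnels
    "gatewayports": "no",
    "permittty": "no",                   # no interactive terminal
}

def parse_effective(text):
    """Return {keyword: value}, keeping the first value seen per keyword."""
    settings = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            settings.setdefault(key.lower(), value.strip())
    return settings

def audit_sftp_only(text):
    """Return a list of findings; an empty list means file transfer only."""
    cfg = parse_effective(text)
    findings = [f"{key} is {cfg.get(key, '<missing>')}, expected {want}"
                for key, want in REQUIRED.items()
                if cfg.get(key, "<missing>").lower() != want]
    if not cfg.get("forcecommand", "none").startswith("internal-sftp"):
        findings.append("forcecommand does not pin the session to internal-sftp")
    if cfg.get("chrootdirectory", "none").lower() == "none":
        findings.append("chrootdirectory is unset, the account is not confined")
    return findings

# Constructed sample dumps (not taken from any real host).
WEAK = ("allowtcpforwarding yes\nallowstreamlocalforwarding yes\n"
        "allowagentforwarding yes\nx11forwarding no\npermittunnel no\n"
        "gatewayports no\npermittty yes\nforcecommand none\n"
        "chrootdirectory none")
HARDENED = ("\n".join(f"{k} no" for k in REQUIRED)
            + "\nforcecommand internal-sftp\nchrootdirectory /srv/sftp/%u")

if __name__ == "__main__":
    for name, dump in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sftp_only(dump) or "OK")
```
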

