Firewall Wizards mailing list archives
Re: Here is my plan for firewall implementation
From: "See, Matthew" <msee () CCMGATE PERPETUAL COM AU>
Date: Mon, 22 Sep 97 10:17:44 EST
On Sun, 21 Sep 1997, Marcus J. Ranum wrote: > Exchanging data safely is a TOUGH problem. These days I am > leaning heavily towards telling people NOT to use FTP, but to > use web instead. That way you can layer it under SSL if there's > sensitive information going around. The only big drawback is > that, at present, nobody has a decent utility for uploading > files using POST. One method for FTP transfers: 1) Create a hidden directory structure for known people transferring files via FTP. Nobody can read or traverse the structure unless they know the directory names, i.e. /dump/iemc8k/d02kds/eos/. Nobody (including depositors) can read what's in the directories. 2) If you must allow anonmymous FTP: Don't allow people to read what's in the incoming directory. Clean it out every 10 minutes to a 'half-way' directory where data is kept for checking. Nobody can access the data until it has been verified. This was required to keep certain transcient users out of the FTP system at one company. Regards, Matthew.
Current thread:
- Re: Here is my plan for firewall implementation, (continued)
- Re: Here is my plan for firewall implementation Jyri Kaljundi (Sep 21)
- Re: Here is my plan for firewall implementation Bennett Todd (Sep 22)
- Re: Here is my plan for firewall implementation Jyri Kaljundi (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 22)
- NCSA's RECON Service Adept (Sep 22)
- Re: Here is my plan for firewall implementation Joseph S. D. Yao (Sep 22)
- Re: Here is my plan for firewall implementation Adam Shostack (Sep 22)
- Re: Here is my plan for firewall implementation Paul D. Robertson (Sep 23)
- Re: Here is my plan for firewall implementation Alfred Huger (Sep 24)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)