Firewall Wizards mailing list archives

Re: Here is my plan for firewall implementation


From: "See, Matthew" <msee () CCMGATE PERPETUAL COM AU>
Date: Mon, 22 Sep 97 10:17:44 EST

     On Sun, 21 Sep 1997, Marcus J. Ranum wrote:
     
     > Exchanging data safely is a TOUGH problem. These days I am
     > leaning heavily towards telling people NOT to use FTP, but to
     > use web instead. That way you can layer it under SSL if there's 
     > sensitive information going around. The only big drawback is
     > that, at present, nobody has a decent utility for uploading 
     > files using POST.
     
     One method for FTP transfers:
     
     1) Create a hidden directory structure for known people transferring 
     files via FTP. Nobody can read or traverse the structure unless they 
     know the directory names, i.e. /dump/iemc8k/d02kds/eos/. Nobody 
     (including depositors) can read what's in the directories.
     
     2) If you must allow anonymous FTP: Don't allow people to read what's 
     in the incoming directory. Clean it out every 10 minutes to a 
     'half-way' directory where data is kept for checking. Nobody can 
     access the data until it has been verified. 
     
     This was required to keep certain transient users out of the FTP 
     system at one company.
     
     Regards,
     Matthew.
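
The write-only incoming directory and the periodic sweep to a half-way directory described in the message above, sketched as shell functions. This is an added example, not part of the original post; the function names, directory arguments and permission modes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: blind drop box plus sweep to a half-way directory.
# Function names, paths and modes are assumptions, not from the post.

# Create the incoming (write-only) and half-way (private) directories.
setup_dropbox() {
    incoming=$1 halfway=$2
    mkdir -p "$incoming" "$halfway"
    # 1733: others may create files and traverse (wx) but cannot list;
    # the sticky bit stops depositors removing each other's files.
    chmod 1733 "$incoming"
    # 0700: only the reviewing account can reach unverified data.
    chmod 0700 "$halfway"
}

# Move every regular file out of incoming; print how many were moved.
# Symlinks and directories are left in place for manual review.
sweep_incoming() {
    incoming=$1 halfway=$2 moved=0
    stamp=$(date +%Y%m%d%H%M%S)
    for f in "$incoming"/* "$incoming"/.[!.]*; do
        # Unmatched globs and non-regular entries fail this check.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        base=$(basename "$f")
        # Prefix with timestamp, PID and counter to avoid overwriting
        # an earlier upload that used the same name.
        dest="$halfway/$stamp.$$.$moved.$base"
        mv -- "$f" "$dest" || continue
        chmod 0600 "$dest"
        moved=$((moved + 1))
    done
    echo "$moved"
}
```

Calling `sweep_incoming` from cron every 10 minutes matches the interval in the message. A file may be moved while its upload is still in progress, so the verification step should tolerate incomplete files.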


