>
> Securing Incoming ftp with a firewall + strong authentication (as SecurID)
> works fine as long as file transfer is done in "foreground", with a human
> user typing SecurID's response.
...
> A system could be NOT to give access THROUGH the firewall, but to manage,
> ON the firewall, a spooling area, receiving the files. A special file,
> transferred after all the regular files, would mark the end of the transfer,
> and contain MACs of the regular files, (MACs made with a secret shared
> between the source and the dest parts). So the destination (inside) may
> authenticate that the source (outside) is the real originator. The dest
> part also knows that the transfer is not completed until the end mark is
> there, and verify the integrity of the files.
>
> Spooling area ? Anonymous ftp does provide one. Not confidential at all.
> But something as the sub-logins of anonymous ftp, just protected by a
> simple passwd, each sub-login giving access to an area accessible only
> from it (= protection 700). This may seem strange. I think that it makes
> sense, not for "very" confidential files, but that kind that you wouldn't
> encrypt, but that you wouldn't leave in a public area too.
>
> Yes, you also need all a stuff to manage the spool, to notify source and
> destination, etc... and in such a way that makes the system safe and
> reliable...
>
> I would greatly appreciate your opinion on the scheme described above ;
> or on any other that would be a better Secure Batch FTP system.
>
> And if something like this does already exist, please let me know.
> I already had a look at BFTP (that implements rfc1068) and batchftp,
> but they don't solve the firewall side of the problem. Moreover, I
> am not sure that BFTP's "intermediate" system controlling
> transfer between source and destination is the good approach in this
> case.
One way to use anon-ftp (or any user that is chrooted like
anonymous/ftp) to provide a secure dropoff/pickup is to use blind
directories: Don't allow read/execute permission on directories.
Filenames can be made sufficiently long and random to prevent the
possibility of accidental discovery.

I could put up files and be relatively certain that only the
appropriate user received them. Of course, logging would verify this
and the file could be encrypted.

Similarly, a person dropping off a file could be required to name it
in an agreed upon way. A write only file could be provided as a
dropoff point.

> Cheers
>
> Email : Yves . Dherbecourt @ der . edf . fr

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw @ lig . net sdw @ meaddata . com
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together
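
The end-mark scheme from the quoted message, sketched as an added example that is not part of either message: the source writes a final file holding one MAC per regular file, and the destination treats the spool as incomplete until that file exists, then verifies every file against it. HMAC-SHA256, the `TRANSFER.END` file name, the line format, binding each file name into its MAC and the extra MAC over the list itself are all assumptions made here, not details from the thread.

```python
import hashlib
import hmac
import os

END_MARK = "TRANSFER.END"  # assumed name for the end-of-transfer file


def mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 over the NUL-joined parts, returned as hex bytes.
    return hmac.new(key, b"\0".join(parts), hashlib.sha256).hexdigest().encode()


def write_end_mark(spool: str, key: bytes, names: list) -> None:
    """Source side: call after every regular file has been uploaded."""
    body = b""
    for name in names:
        with open(os.path.join(spool, name), "rb") as fh:
            # The name is MACed with the content so files cannot be swapped.
            tag = mac(key, name.encode(), fh.read())
        body += tag + b"  " + name.encode() + b"\n"
    with open(os.path.join(spool, END_MARK), "wb") as fh:
        # The last line seals the list itself, so entries cannot be dropped.
        fh.write(body + mac(key, body) + b"\n")


def check_spool(spool: str, key: bytes):
    """Destination side: returns (status, names that failed)."""
    mark = os.path.join(spool, END_MARK)
    if not os.path.exists(mark):
        return "incomplete", []  # no end mark yet: transfer still running
    with open(mark, "rb") as fh:
        body, sep, seal = fh.read().rstrip(b"\n").rpartition(b"\n")
    body += sep
    if not hmac.compare_digest(seal, mac(key, body)):
        return "rejected", [END_MARK]  # forged or half-written end mark
    bad, listed = [], set()
    for entry in body.decode().splitlines():
        tag, name = entry.split("  ", 1)
        listed.add(name)
        path = os.path.join(spool, name)
        if os.path.basename(name) != name or not os.path.isfile(path):
            bad.append(name)  # missing, or a name that leaves the spool
            continue
        with open(path, "rb") as fh:
            if not hmac.compare_digest(tag.encode(), mac(key, name.encode(), fh.read())):
                bad.append(name)
    # Files in the spool that the source never vouched for also fail.
    bad += sorted(set(os.listdir(spool)) - listed - {END_MARK})
    return ("rejected" if bad else "verified"), bad
```

The destination should run `check_spool` on a copy it has pulled inside the firewall, or move the files only after a `verified` result, since anything still sitting in the spool can change after the check.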