If the partner owns all the addresses in the range you are opening, perhaps it is not as big a security issue. Although even if they do, you are allowing anyone from that company to at least connect to your AS400 and TRY to FTP.

I am not really clear on why it is a security risk for them to provide you with an IP that they will be coming from. They should not need to allow any traffic from you in to them as long as they are initiating the FTP. They would start the session and your firewall would let them enter and pull data back to them, all within the session they started. There would be no need for a firewall rule to allow you to connect to them.

As someone else mentioned, an intermediate server may be an option, but even that needs to be 'open' to the outside and I am not so sure I'd want a Windows server being my FTP server, unless you put it in a DMZ type area of your LAN where people can get in to it, but if it is compromised, they cannot get further back in to your LAN. Many firewalls have this type of feature to allow LAN traffic to talk to the DMZ zone (for you to put your file out to the server), but DMZ machines are not allowed to talk back in to the LAN.

A Linux server would also be a possibility and much easier to lock down and less vulnerable for sure. But if I were using an intermediate server, I'd try my best to set it up as I suggested, away from your LAN.

Brian

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
Sent: Wednesday, February 18, 2004 11:20 AM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: trading partner security

A trading partner wants to use ftp to get a daily file off our ifs, but is adamantly refusing to specify a single ip they are coming from, saying that is a security risk to them, and has given us 3 ranges totalling over 700 addresses. I don't have a problem but our firewall person is freaked and refuses.

I assume they have a herd of routers and servers in their farm.

note: partner is defense related. 400 has decent ftp exit control. should i worry?

jim

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
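The thread's point that a wide source-range rule only lets the partner connect and try, while FTP-level checks decide what a session may actually do, can be modelled as a layered decision. This is an added example, not code from the original posts and not IBM i exit-program code; the ranges are RFC 5737 documentation blocks, and the user profile, directory and requests are hypothetical or constructed.

```python
import ipaddress
import posixpath

# Constructed stand-ins for the partner's three ranges (RFC 5737 documentation
# blocks); the real ranges are not given in the thread.
PARTNER_RANGES = [ipaddress.ip_network(n) for n in
                  ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
PARTNER_USER = "PARTNERFTP"        # hypothetical FTP-only profile
EXPORT_DIR = "/partner/outbound/"  # hypothetical IFS directory for the daily file
READ_ONLY_OPS = {"LIST", "RETR"}   # the partner only pulls data


def exposed_addresses(ranges=PARTNER_RANGES):
    """How many source addresses the firewall rule admits in total."""
    return sum(net.num_addresses for net in ranges)


def decide(src_ip, user, op, path):
    """Return (allowed, reason) for one FTP request, checked in layers."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in net for net in PARTNER_RANGES):
        return False, "source outside partner ranges"
    if user.upper() != PARTNER_USER:
        return False, "user not the partner profile"
    if op.upper() not in READ_ONLY_OPS:
        return False, "operation not read-only"
    # Collapse ".." segments before the prefix test so traversal cannot escape.
    resolved = posixpath.normpath(posixpath.join(EXPORT_DIR, path)) + "/"
    if not resolved.startswith(EXPORT_DIR):
        return False, "path outside export directory"
    return True, "ok"


# Constructed requests: (source IP, user, FTP operation, path)
SAMPLE_REQUESTS = [
    ("198.51.100.7", "PARTNERFTP", "RETR", "daily.csv"),
    ("198.51.100.7", "PARTNERFTP", "STOR", "daily.csv"),
    ("203.0.113.200", "QSECOFR", "RETR", "daily.csv"),
    ("192.0.2.15", "PARTNERFTP", "RETR", "../../QSYS.LIB/PAYROLL.FILE"),
    ("203.0.114.9", "PARTNERFTP", "RETR", "daily.csv"),
]

if __name__ == "__main__":
    print("addresses admitted by the firewall rule:", exposed_addresses())
    for req in SAMPLE_REQUESTS:
        print(req, "->", decide(*req))
```

Only the first sample request passes every layer; each of the others is stopped by a different check, which is what keeps a 700-plus address allowance from translating into 700-plus ways to reach data.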
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.