Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: General security question
From: Paul Alukal <palukal () yahoo com>
Date: Mon, 13 Nov 2000 08:50:15 -0800 (PST)

Another option (You already got many good

You can try hardware based end to end encryption
between servers. Check out http://www.cryptek.com.
They have something called diamondTek NIC cards with
end to end hardware encryption.

{Disclaimer: I'm not associated with that company or
product, but was asked by a client to help
evaluate/implement this plus few other things, which
I'm planning to do).

-Paul V. Alukal
Secure Digit, Inc.

--- TDyson () sybex com wrote:

We are getting ready to do business with a remote
warehouse.  We will send
them order details, they will ship the order and
send us back shipping

We'll be using a VPN,  I have no idea what security
they have at the other

We are debating communication protocols: sockets
connection or ftp.  We can
send data server to server via a sockets connection,
with a custom listener
at either end.  The listener would be a very dumb
daemon that only
understood a limited protocol.

 The other option is to drop the messages to a text
file and ftp them to a
3rd server.  That 3rd server would be locked down
pretty tightly.  With the
ftp scenario, no outside party touches my accounting
server directly.

It seems to me that the ftp option has inherently
lower risk, but I can't
convincingly explain why to other people on the
project.  They say, "Hey it
is a dumb daemon, not even a telnet session, so what
could possibly be sent
to it to hurt the accounting server."  Um, ah, that
sounds like a gross
simplification to me.

Am I wrong, or can somebody give me a list of
potential security problems
on the socket connection?

Thom Dyson
Director of Information Services
Sybex, Inc.

firewall-wizards mailing list
firewall-wizards () nfr com

Do You Yahoo!?
Yahoo! Calendar - Get organized for the holidays!

firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]