Posts Tagged dmz

Sign Up for the FREE Secure File Transfer Webinar Series

Posted on Wednesday, 30 September, 2015

Linoma Software is hosting a FREE October Webinar Series on the advantages of securing your system-to-system and person-to-person file transfer processes.  Please take a moment to register for one, or both, of these informative live presentations.

Get Your FTP Server in Compliance

Are you still running an outdated FTP server in your DMZ? Does your FTP server have the security controls and audit reporting needed to meet the latest PCI and HIPAA compliance requirements?

GoAnywhere goes beyond a typical FTP server by providing the enterprise-level features and security you need to get compliant.

FREE WEBINAR: Now Available On-Demand

We demonstrate GoAnywhere and how to:

Use SFTP, FTPS and HTTPS for file transfers
Protect files at rest and in motion with AES 256 encryption
Set triggers to automatically process files
Control access to private and shared folders with granular permissions
Generate detailed audit logs and reports


3 Advantages of an On-premise Solution for File Sharing

Are you looking for a better solution than cloud-based file sharing services like Dropbox to transmit sensitive company data?

Put an end to employees using unsecure cloud-based file sharing services. Improve compliance and cut the risk of sensitive company data falling into the wrong hands.

FREE WEBINAR: Now Available On-Demand

We cover the three advantages of an on-premise product for Enterprise File Sync and Sharing (EFSS):

Local management of user accounts and files
End-to-end encryption of files at rest and in motion
No monthly user subscription fees or storage limits


Join us for these complimentary webinars to get a valuable tour of GoAnywhere MFT. Linoma’s engineers will be on hand during the webinars to answer your technical questions.

SFTP Server in the DMZ or Private Network

Posted on Wednesday, 19 March, 2014

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally, SFTP servers have been installed in the DMZ (the public-facing segment of the network) because organizations were fearful of opening inbound ports into the private (internal) network.

[Diagram: SFTP server in the DMZ]

Keeping the SFTP server in the DMZ, however, has posed several problems. The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet. You could require those staged files to be encrypted with something like OpenPGP, but many auditors don’t like to see any sensitive files in the DMZ, encrypted or not.

Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

[Diagram: SFTP server in the private network]

This approach eliminates the need to write scripts for moving files back and forth. The big downside is that ports were traditionally opened into the private network so trading partners could reach the SFTP server. Those open ports give attackers a potential path into the private network. In today’s security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network, especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ.  The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. 

[Diagram: gateway in the DMZ, SFTP server in the private network]

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously.  When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server.  The SFTP server will then open any data channels needed back through the gateway to service the trading partners.  The whole process is transparent to the trading partners.  No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network
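The connection flow described above can be reproduced on loopback with plain sockets. This is an added illustration, not Linoma's code or protocol: the `OPEN` control message, the three listening ports and the `PUT`/`STORED` exchange are assumptions made up for the demo. The point to observe is that the private-side server only ever makes outbound connections, while the gateway only streams bytes between sockets.

```python
import socket, threading

# Hypothetical protocol: the real gateway control channel is proprietary.
def listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))            # constructed demo: loopback, ephemeral port
    s.listen(1)
    return s

def pipe(src, dst):
    """Stream src -> dst in memory; the gateway never writes payload to disk."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass                            # peer already gone

def gateway(public, control, data):
    ctrl, _ = control.accept()          # private server dialed OUT at startup
    partner, _ = public.accept()        # trading partner arrives from the Internet
    ctrl.sendall(b"OPEN\n")             # request sent over the existing control channel
    back, _ = data.accept()             # private server dials OUT again: data channel
    threading.Thread(target=pipe, args=(partner, back), daemon=True).start()
    pipe(back, partner)

def private_server(ctrl_addr, data_addr):
    ctrl = socket.create_connection(ctrl_addr)   # outbound only; never calls listen()
    if ctrl.recv(5) == b"OPEN\n":
        chan = socket.create_connection(data_addr)
        name = chan.makefile("rb").readline().split()[1]
        chan.sendall(b"STORED " + name + b"\n")  # file lands on the private side
        chan.close()

def demo():
    public, control, data = listener(), listener(), listener()
    threading.Thread(target=gateway, args=(public, control, data), daemon=True).start()
    threading.Thread(target=private_server, daemon=True,
                     args=(control.getsockname(), data.getsockname())).start()
    with socket.create_connection(public.getsockname()) as partner:
        partner.sendall(b"PUT orders.csv\n")
        return partner.makefile("rb").readline()

if __name__ == "__main__":
    print(demo())
```

In firewall terms, the only rule this topology needs between the two segments is private-to-DMZ outbound to the gateway's control and data ports; a DMZ-to-private rule is never required.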

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor.  When looking for the right gateway for your organization, make sure it is easy to set up and manage.  It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.