Linoma: DMZ Gateway Tightens File Transfer Security
November 15, 2011 Dan Burger
File sharing among business partners is a common practice. Unfortunately, being careless about it is also a common practice. Security is often imagined to be better than it really is and sometimes not thought of at all. Even companies that are paying attention to this topic, perhaps because it is mandated by one of the regulatory compliance laws, may not have discovered the best practices for secure transfers.
Linoma Software recently released a white paper report on the topic of DMZ gateways that provides solid advice on file transfer security.
The DMZ (demilitarized zone), also known as a perimeter network, is found outside the local area network. It is usually where you find Web servers, email servers, and FTP servers, which are protected by firewalls on the front end and back end. Shared files are uploaded to a server in the DMZ, where, despite the firewall protection, they can be vulnerable to various dangerous exploits, beginning with access to files (even encrypted files can be at risk), access to user credentials, access to file sharing software, and the potential to create “back-door” accounts.
A DMZ gateway security strategy involves moving the file sharing away from the DMZ and into private networks without open inbound ports. The specifics on how this works and why it is effective are covered in this report. Included is information on writing (and sometimes eliminating) scripts that manage transfers.
Linoma’s chief architect Bob Luebbe authored the report, which is titled “DMZ Gateways: Secret Weapons for Data Security.”
Luebbe describes a DMZ gateway as a tool that is installed in front of a secure FTP server within the DMZ. The tool acts as both a reverse proxy and a forward proxy that handles all the file transfer activity. It provides audit trails that meet compliance regulations and includes administrative capabilities. In addition, it requires no changes from partners that are trading information.
Linoma has a gateway product called GoAnywhere Gateway. It installs on Windows, Linux, AIX, Solaris, and other Unix variations.
The DMZ gateway white paper can be downloaded at www.goanywheremft.com/resource-center/white-papers.