I have a situation where a client who has a server (not currently on my network...but in the same building) needs to be able to ftp files to me.
We have firewalls and a DMZ but for some reason on this task I have been told not to consider running the server through them...yet the requirement is that it must be secure...that really has not been defined either...
If we hook up the server to our network it will be on a 5509 we use as an access switch. This 5509 runs 3 or 4 vlans on several floors.
The only thing I can think of is to possibly use port security (basically filtering) by mac address that way if anything attached to that port other than that server the port would shut down. Doesn't seem so secure does it.
The other would be to set up an access list on the port the server is attached to and only allow ftp traffic from that ip address.
I have been told that neither of the above-mentioned options are to be considered as well.
To me it would seem more appropriate to run it through our DMZ just like any other outside clients ftp would be done...this one is different because the client's server is already in the building with us.
So I'm coming here for some more enlightened suggestions.
I had considered putting the device on its own vlan...while that segments the traffic (traffic volume shouldn't be an issue with just a little ftp going on)...I don't see how another vlan helps me security wise.
I'm just trying to learn of other options that may be available to me...other than what I've mentioned of course. Thanks for the reply
Depending on the answers you might end up with nothing but different VLANs, a simple access-list or a PIX firewall controlling all the traffic.
In any case the security features of a pure LAN switch are fairly limited. To get some more protection you have to be able to at least look at Layer 4, i.e. the TCP/UDP port level. This requires router/firewall functionality. In case you have a router/RSM, a simple access-list would probably be the simplest yet effective approach given the vague requirements you are facing.
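One concrete form of the access-list approach suggested in the reply above, added here as an illustration and not part of the original thread: the client's server is placed alone on its own VLAN, and an extended ACL on the router/RSM interface for that VLAN lets only FTP from that one host reach your FTP server. The addresses, VLAN number and passive-port range are assumed placeholders, and the syntax is standard IOS named extended ACL syntax.

```cisco
! Assumed values (documentation address ranges, not taken from the thread):
!   192.0.2.10    = client's server, the only host on VLAN 30
!   198.51.100.20 = your FTP server on another VLAN
! Applied inbound on the RSM/router interface for VLAN 30, so the access
! switch port stays a plain access port and the filtering happens at Layer 4.
ip access-list extended CLIENT-FTP-IN
 remark Control channel: only the client's server, only to our FTP server
 permit tcp host 192.0.2.10 host 198.51.100.20 eq ftp
 remark Passive data channel: the FTP server must be pinned to this range
 permit tcp host 192.0.2.10 host 198.51.100.20 range 50000 50100
 remark Everything else sourced from this VLAN is dropped and logged
 deny ip any any log
!
interface Vlan30
 description Client FTP server segment
 ip address 192.0.2.1 255.255.255.0
 ip access-group CLIENT-FTP-IN in
```

This is also the answer to the question of what a separate VLAN buys you security-wise: on its own it only segments broadcast traffic, but combined with an ACL on the VLAN's routed interface it gives the filter a clean boundary, because every packet leaving that segment has to cross the router and hit `CLIENT-FTP-IN`. The final `deny ip any any log` entry is what you would watch: any hit on it means something other than the expected FTP session is being attempted from that port. The rule set assumes passive-mode FTP with a fixed data-port range configured on the FTP server; active-mode FTP opens the data connection from the server back to the client, so it would need an additional entry for that return direction (for example using the `established` keyword) rather than the single range shown here.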