Are you, and your management, happy to have your system open to a bulk data dump into it?

Are you, and your management, sure that your firewall is, and after MS (etc.) fixes will be, hard enough to only allow that 1 source to pump data onto your system?

Me - I'd be asking for pull access to their systems so I can get that data when my systems are prepared for it.

BUT, and it's a big BUT:

Is this data arriving as part of an ongoing input - as in batches of data arriving all through the day (and night) for processing when you initiate, or the arrival is detected and the system initiates a batch process?

If that is the case then you have to accept it being dumped onto you. In that case it's better to have a 'firewall system' to just accept that input and put the data on shared (network) storage. Then have a batch process take it from the shared store, record its detection, post it to archival storage and a place to be processed from, and then, as a record of completion, prepare a list of data files (batches) to be processed by the main data validation and processing system.

That transfer facility can do some minimal validation - CRC/hash/MD5 - batch totals, content format. Consistency for its type and source authority.

I worked on a system where electricity usage, customer (and data) management commands, and customer details were 'delivered' over the web, and until the buffering system was implemented there were all sorts of problems. Not least of all - the sources were from various OS's with filenames not constrained to be acceptable to the processing app, OS and archival/file management facilities. As in 300char names with things like periods, \|/£ " included in the namestrings.

JimB

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden
Sent: Thursday, December 18, 2014 8:36 PM
To: [email protected]
Subject: RE: [NTSysADM] Weird request from a vendor

Vendor x wants to send lending information over port 443 to a webserver on my network that will have a webservice injecting data into a SQL database.
So I ask them if we couldn't just create a vpn tunnel from their server through my firewall to the webservice running internally. They reply no just open your firewall and whitelist our address then nat the traffic to the webservice.

I am a little more than wondering how they get away with this format for shipping data to financial institutions?

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
Sent: Thursday, December 18, 2014 3:32 PM
To: [email protected]
Subject: Re: [NTSysADM] Weird request from a vendor

On Thu, Dec 18, 2014 at 12:26 PM, David McSpadden <[email protected]> wrote:
> You ever heard of someone whitelisting a server on the Internet to
> push data through a firewall on port 443?

More details needed, but yes, I've put up firewall rules for specific ports and addresses. Very common.

Kurt
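
The buffering intake step JimB describes above (hash check, batch total, filename clean-up, archive copy plus a to-process list), sketched as an added example that is not part of the original thread. The SHA-256 manifest with a record count, the `archive`/`inbox` directory names and `to_process.lst` are assumptions made for illustration; the thread only says "CRC/hash", "batch totals" and "content format".

```python
import hashlib
import re
import tempfile
from pathlib import Path
# Assumed: sender supplies a manifest {"sha256": ..., "records": ...} per batch.
UNSAFE = re.compile(r"[^A-Za-z0-9_-]+")   # everything else becomes "_"

def safe_name(original: str, digest: str) -> str:
    """Map an untrusted sender filename to a short, portable one."""
    base = re.split(r"[\\/]", original)[-1]          # drop any path component
    stem, dot, ext = base.rpartition(".")
    if not dot:                                      # no extension at all
        stem, ext = base, ""
    stem = UNSAFE.sub("_", stem).strip("_")[:64] or "batch"
    ext = UNSAFE.sub("", ext)[:8].lower()
    # Digest prefix keeps names unique when sanitising collapses two names.
    return f"{stem}-{digest[:12]}" + (f".{ext}" if ext else "")

def intake(original: str, payload: bytes, manifest: dict, root: Path):
    """Validate one pushed batch. Returns (accepted, stored_name_or_reason)."""
    digest = hashlib.sha256(payload).hexdigest()
    if digest != manifest.get("sha256"):
        return False, "hash mismatch"
    try:
        records = payload.decode("utf-8").splitlines()
    except UnicodeDecodeError:
        return False, "not UTF-8 text"
    if len(records) != manifest.get("records"):
        return False, "batch total mismatch"
    name = safe_name(original, digest)
    for sub in ("archive", "inbox"):                 # archival copy + work copy
        (root / sub).mkdir(parents=True, exist_ok=True)
        (root / sub / name).write_bytes(payload)
    with open(root / "to_process.lst", "a", encoding="utf-8") as todo:
        todo.write(f"{name}\t{digest}\t{original!r}\n")   # record of completion
    return True, name

def demo():
    """Constructed sample batch with a hostile filename."""
    data = b"acct1,120.5\nacct2,88.0\n"
    man = {"sha256": hashlib.sha256(data).hexdigest(), "records": 2}
    with tempfile.TemporaryDirectory() as d:
        ok = intake('..\\meter|read/£ "dec".2014.CSV', data, man, Path(d))
        bad = intake("x.csv", data + b"acct3,1\n", man, Path(d))
        listed = (Path(d) / "to_process.lst").read_text("utf-8").count("\n")
    return ok, bad, listed

if __name__ == "__main__":
    print(demo())
```

The main processing system then reads only from `inbox` via the list file, so it never sees a sender-chosen filename or an unverified batch.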

