Maybe they're assuming that port 443 means you have a certificate installed on your web server?
As in, they wouldn't provide one to you if they're connecting to your server. If so, just slap a publicly issued cert on your web service, and presuming their client understands TLS (and it should, since it's consuming a web service), instant encryption.

Cheers
Ken

From: [email protected] On Behalf Of David McSpadden
Sent: Friday, 19 December 2014 8:03 AM
To: '[email protected]'
Subject: RE: [NTSysADM] Weird request from a vendor

I am.

From: [email protected] On Behalf Of Micheal Espinola Jr
Sent: Thursday, December 18, 2014 3:59 PM
To: ntsysadm
Subject: Re: [NTSysADM] Weird request from a vendor

Are you implying that certificates to encrypt the traffic are not going to be involved?

--
Espi

On Thu, Dec 18, 2014 at 12:53 PM, David McSpadden <[email protected]> wrote:

Absolutely not encrypted. They are relying on the 443 to make it private. Cracking me up.

-----Original Message-----
From: [email protected] On Behalf Of Kennedy, Jim
Sent: Thursday, December 18, 2014 3:46 PM
To: '[email protected]'
Subject: RE: [NTSysADM] Weird request from a vendor

You control the source, you control the destination. I would assume it will be encrypted... verify that. If yes, I don't see the problem.

-----Original Message-----
From: [email protected] On Behalf Of David McSpadden
Sent: Thursday, December 18, 2014 3:36 PM
To: [email protected]
Subject: RE: [NTSysADM] Weird request from a vendor

Vendor x wants to send lending information over port 443 to a webserver on my network that will have a webservice injecting data into a SQL database. So I ask them if we couldn't just create a VPN tunnel from their server through my firewall to the webservice running internally.
They reply no, just open your firewall and whitelist our address, then NAT the traffic to the webservice. I am a little more than wondering how they get away with this format for shipping data to financial institutions?

-----Original Message-----
From: [email protected] On Behalf Of Kurt Buff
Sent: Thursday, December 18, 2014 3:32 PM
To: [email protected]
Subject: Re: [NTSysADM] Weird request from a vendor

On Thu, Dec 18, 2014 at 12:26 PM, David McSpadden <[email protected]> wrote:
> You ever heard of someone whitelisting a server on the Internet to
> push data through a firewall on port 443?

More details needed, but yes, I've put up firewall rules for specific ports and addresses. Very common.

Kurt
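
Added example, not part of the thread: the "verify that" step can be done from a packet capture at the firewall, because a TLS session opens with a ClientHello record while an unencrypted web-service call opens with an HTTP request line. The function names, addresses, request path and byte strings below are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")
MAX_PLAINTEXT_RECORD = 2 ** 14  # TLS record fragment limit (RFC 8446, section 5.1)


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends after the TCP handshake."""
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    if len(data) < 6:
        return "unknown"
    # TLS record header: content type, version major/minor, fragment length.
    content_type, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if content_type != 22 or major != 3 or minor > 4:  # 22 = handshake, 3.x = SSL3/TLS
        return "unknown"
    if rec_len == 0 or rec_len > MAX_PLAINTEXT_RECORD:
        return "unknown"
    # The first handshake message from a client must be ClientHello (type 1).
    return "tls-client-hello" if data[5] == 1 else "unknown"


def unencrypted_on_443(flows):
    """Return (source, verdict) for port-443 flows that do not open with a ClientHello."""
    findings = []
    for src, dst_port, first_bytes in flows:
        verdict = classify_first_bytes(first_bytes)
        if dst_port == 443 and verdict != "tls-client-hello":
            findings.append((src, verdict))
    return findings


# Constructed sample data: documentation addresses and hand-built payload prefixes.
TLS_HELLO_PREFIX = bytes.fromhex("16030100c8010000c40303")
SAMPLE_FLOWS = [
    ("203.0.113.10", 443, TLS_HELLO_PREFIX),
    ("203.0.113.11", 443, b"POST /loans HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("203.0.113.12", 443, b"\x00\x01binary"),
]

if __name__ == "__main__":
    for src, verdict in unencrypted_on_443(SAMPLE_FLOWS):
        print(f"{src}: port 443 but first bytes look like {verdict}")
```

A ClientHello only shows that a TLS handshake was started; the negotiated protocol version and the certificate still need to be checked separately.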

