Need advice: Secure data transmission

Discussion in 'Tech Talk' started by Stephen, Aug 25, 2004.

  1. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    My wife works for a company that we have all heard of and has a small... well a BIG problem. She has to be able to move large amounts of financial data SECURELY from a vendor to a supplier. This has been done via FTP however the plug is being pulled as it's not secure/encrypted.

    There have been discussions of doing either CD or tape copies that would be overnighted from A to B however this is not an acceptable solution to the client(s).

    Does anyone here know how to SECURELY transmit large amounts of data (account/checking numbers, etc.)??

    TIA--
     
  2. gudel

    gudel

    Messages:
    486
    Likes Received:
    0
    Joined:
    Jun 1, 2001
    yes, PGP it. :) once done, you can transmit it openly. this is your best bet, very secure.
     

  3. lomfs24

    lomfs24

    Messages:
    2,388
    Likes Received:
    144
    Joined:
    Apr 19, 2003
    Location:
    Montana
    Ummm, you could use ssh. You could create an encrypted tunnel or VPN. There are several ways to accomplish this.

    I have not read this yet but I just got a book called 'Network Security Hacks' by O'Reilly. Section 6 talks about Secure Tunnels. For $24.95 you will probably get better and more complete instructions than you will get from me or someone else trying to tell you how to build a secure tunnel on a forum. You should be able to get this book at any decent-sized book store that has a computer section.

    At least that book may point you in the direction of another book that will really help you.
     
  4. 308endurdebate

    308endurdebate

    Messages:
    118
    Likes Received:
    3
    Joined:
    Oct 12, 2003
    Location:
    Arlington, VA
    IPSEC VPN would work, then you could ftp it still. You could use PKI and S/MIME encrypt it (PGP also). You could host it on an SSL-enabled website.

    -k
     
  5. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    Believe it or not - they (her company) just purchased a bazillion PGP user licenses and now their attorneys are saying that it's not secure (enough).
     
  6. hwyhobo

    hwyhobo

    Messages:
    1,426
    Likes Received:
    0
    Joined:
    Jun 3, 2003
    Location:
    Silicon Valley
    VPN tunnel, then you can ftp through it.
     
  7. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    Can this be done from a PC (presumably) to a 'mainframe' machine? Sorry but I do not have all of the specifics of the hardware involved and am not sure if my wife will tell me due to financial security concerns, etc.

    I will pass this along to see if there's an option there.

    Keep the ideas and theories coming!
     
  8. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    Thanks for the info. I was not familiar with SSH... I'll look at that as well.
     
  9. gudel

    gudel

    Messages:
    486
    Likes Received:
    0
    Joined:
    Jun 1, 2001
    what firm/company is this?
     
  10. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    I'd prefer not to mention - but suffice it to say that virtually every human over the age of 14 has probably heard of 'em.
     
  11. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    Let me add this - if you (or anyone reading this) is in the network/security business (verifiable working knowledge - not just theory), PM me and I can at least say who she works for and how to contact her so she can shed a bit more light on the subject.
     
  12. lomfs24

    lomfs24

    Messages:
    2,388
    Likes Received:
    144
    Joined:
    Apr 19, 2003
    Location:
    Montana
    I got a really dumb question here. If this company is so large that you could say they have 90% market penetration (nearly everyone has heard of them), shouldn't they have network admins to handle this? Why would you look for a solution to this problem on a gun owners forum?

    Just a question. I still would give my input just to say "MultiBillion dollar Company X used my suggestion and I don't even have a college education. I mean hukt on fonix rilly wurkt fir mi."
     
  13. gudel

    gudel

    Messages:
    486
    Likes Received:
    0
    Joined:
    Jun 1, 2001
    you believe what the attorneys say in high tech computing? these attorney people also claim that glocks are unsafe. ask the MA district attorney about it.

    when pgp was first out, the NSA guys went ape****. exporting pgp is considered as "exporting munition", the NSA also claimed that further proliferation is counter to national security and economic concerns. yeah, whatever that means. some guy had to print (on paper) the source code, and export it. (you can't block books, it's protected by the 1st)

    heh.. lawyers schmoyers.

    good point, that's why i wanted to know who proliferates the identity theft by not encrypting critical personal information :)
     
  14. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    The problem is that this is a test/pilot program with limited financial resources available for the project. They have spent considerable $$ on the card program but don't have the allocation for tech.

    The other side of the coin is that her company is in the middle. She is trying to facilitate the data between 2 other companies' systems.

    As far as the last sentence of the quote above - I too work for a rather huge company but our network guys only support what the company has/allows on their systems... a no "thinking outside the box" mentality. I have found that I can get a great amount of information from a good cross-section of people by asking such TECH questions here (which is why there's a TECH section HERE at GT).
     
  15. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas
    I think you missed the point. Her company uses PGP INTERNALLY but this is data going from A to B.
     
  16. lomfs24

    lomfs24

    Messages:
    2,388
    Likes Received:
    144
    Joined:
    Apr 19, 2003
    Location:
    Montana
    Don't get me wrong. I was not trying to belittle you or your wife's company. And I do certainly understand the 'not thinking outside the box' syndrome.

    I also understand the test/pilot scenario as well. I was just curious. I am certainly not the guy to get you out of this mess but I am currently trying to contact a guy I know could.
     
  17. Stephen

    Stephen Hola! Millennium Member

    Messages:
    379
    Likes Received:
    0
    Joined:
    Aug 24, 1999
    Location:
    Dallas, Texas

    No worries - I just know that sometimes 'round here (and other places) people try and propagate conspiracies and stir up the &^%$ pot. Sorry if I seemed huffy... I wasn't.

    I am just trying to help my wife out by doing some fact finding.

    Actually I am in the middle of a pilot program at my office (I work for MASCO) and I can already see the roadblocks a mile away and we are just getting out of the gates now.... ;g :soap:
     
  18. 308endurdebate

    308endurdebate

    Messages:
    118
    Likes Received:
    3
    Joined:
    Oct 12, 2003
    Location:
    Arlington, VA
    IPSEC and PKI/SMIME are available on many mainframes. Both support the new AES standard which is stronger and faster than the older de facto 3DES. SSH also supports AES and SSHD is available on many mainframes.

    Realistically, your wife's company does need to get some expert consulting.

    -k
     
  19. Toyman

    Toyman

    Messages:
    2,600
    Likes Received:
    36
    Joined:
    May 6, 2003
    Location:
    West Michigan
    This is probably going to sound like a dumb question, but since they're already using FTP, why not use Secure FTP, as in connecting via FTP with SSL (Secure Sockets Layer)??

    Personally I think that if this company is that big, they ought to be hiring some IT guys that know what they're doing.

    A Google Search will turn up many solutions.
     
  20. HerrGlock

    HerrGlock Scouts Out CLM

    Messages:
    23,802
    Likes Received:
    255
    Joined:
    Dec 28, 2000
    sftp.

    Other ideas are ssl (as mentioned above) from one firewall to the other, IPSEC tunnel.

    You want secure? Okay:

    Wife's comp
    Wife's firewall
    Other firewall
    mainframe.

    IPSEC tunnel from Wife's firewall to Other firewall. Wife uses scp or sftp (both in the SSH deck of cards) to connect from her computer to mainframe.

    You then have 1024 or 2048 bit encryption from computer to mainframe and that gets encapsulated into a 1024-4096 bit encrypted tunnel from firewall to firewall.

    If that's not good enough for your lawyers, ask them why it's good enough for TS stuff from the NSA.

    PM me if you wish. I'll talk about this stuff all day.

    DanH
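
Added example, not part of any post in this thread: one way to script the sftp leg of the layout described in the last post, with the server's host key pinned and a SHA-256 manifest sent alongside the file. The user, host, paths and known_hosts file are placeholders, and key-based login is assumed because `sftp -b` cannot prompt for a password.

```shell
#!/bin/sh
# Added example with placeholder names; assumes OpenSSH sftp and
# coreutils sha256sum on the sending side.

# make_manifest FILE: write FILE.sha256 next to FILE.
make_manifest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_manifest FILE: succeed only if FILE still matches FILE.sha256.
# The receiver runs this after the transfer completes.
verify_manifest() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# send_file FILE USER@HOST REMOTE_DIR KNOWN_HOSTS
# Uploads FILE and its manifest. StrictHostKeyChecking=yes makes sftp
# refuse to connect unless the server key is already in KNOWN_HOSTS,
# so an unknown or changed host key stops the transfer.
# Paths containing spaces are not handled by this batch file.
send_file() {
    batch=$(mktemp) || return 1
    printf 'put %s %s/\nput %s.sha256 %s/\n' "$1" "$3" "$1" "$3" > "$batch"
    sftp -b "$batch" \
         -o StrictHostKeyChecking=yes \
         -o UserKnownHostsFile="$4" \
         "$2"
    rc=$?
    rm -f "$batch"
    return $rc
}

# Typical use (placeholders):
#   make_manifest /data/out/batch.csv
#   send_file /data/out/batch.csv xfer@receiver.example /inbound ./pinned_hosts
```

The manifest catches truncated or corrupted files after they land; it is not a signature, so anyone able to rewrite the file on the receiving host could rewrite the manifest too.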