Successful AS2 communications require a balancing act between two conflicting demands: your infrastructure has to be open enough to talk with your trading partners, but secure enough to keep out intruders and repel attacks. The familiar firewall is the tool of choice to resolve this, but it still requires that you tell your trading partner which ports are open. This could expose your network to security lapses on their end. Fortunately, there are several options available to minimize or eliminate this risk.
An obvious solution is to restrict incoming traffic only to the known IP addresses of your trading partners. While this is a good start, some other problems present themselves.
In my last entry, on restricting outbound communications, I briefly mentioned one of the benefits of using an automatic retry option for your AS2 transmissions. Automated resending, sometimes marketed as an AS2 reliability feature, is a simplifying and powerful tool in a variety of situations beyond the one I have already discussed. In this entry, I am going to talk about some of those cases and the advantages they offer.
Most AS2 applications offer some sort of automatic retry facility in case the initial attempt to send an outbound document fails. Despite this, I have noticed that many users ignore the feature. They might wonder what the point of retrying is, thinking that a failure in an HTTP transmission usually indicates something that is not going to resolve itself,
While considering enhancements for the next version of EXTOL’s AS2 product a while ago, I was presented with what I initially thought was a curious, if not paranoid, enhancement request: a customer wanted to be able to restrict outgoing traffic to specific ports.
My first question was: “Why bother?” Indeed, the vast majority of our customers had no restrictions on their outgoing source, or egress, ports, and network administrators have traditionally concentrated on restricting who and what can come into the network from outside. While the threat from viruses, worms, and denial-of-service attacks aimed at a company’s internet infrastructure from the outside is obvious, the perils originating inside the network are not so readily apparent. Nevertheless, they are worthy of a security-conscious IT professional’s close consideration.
So what can a company gain by restricting the traffic over its egress ports?