BGC Interface Guide FTP-via-Internet MANUAL FOR YOUR COMPANY November 2008




Contents

Contact details and addresses
  Telephone, fax and email for BGC Customer Service for customers of:
  For software companies
  Find information quickly and easily on the web!
Introduction
  General
  Security
  Tamper protection
Technical information
  Technical requirements
  Technical specifications for VPN
  Files
Connection
  Agreement with the Bank
  Configuration
  Testing
File Transfer
  Sending files to Bankgirot
  Sending files from Bankgirot
Ready to start once the following items are ready
  you are ready to start.

Contact details and addresses

Postal address: BGC, 105 19 Stockholm

Telephone, fax and email for BGC Customer Service for customers of:

Swedbank
  Telephone +46 8-725 60 80
  Email fsb@bgc.se
  Fax 0046 8-556 100 85

Handelsbanken
  Telephone +46 8-725 60 60
  Email handelsbanken@bgc.se
  Fax 0046 8-556 101 66

Nordea
  Telephone +46 8-725 60 30
  Email nordea@bgc.se
  Fax 0046 8-556 100 35

Danske Bank
  Telephone +46 8-725 60 77
  Email danskebank@bgc.se
  Fax 0046 8-556 101 07

SEB
  Telephone +46 8-725 60 50
  Email seb@bgc.se
  Fax 0046 8-556 100 53

Other banks
  Telephone +46 8-725 60 90
  Email bankgiroservice@bgc.se
  Fax 0046 8-556 100 01

For software companies

Please contact BGC Customer Service Technical Support.
  Telephone +46 8-725 70 70
  Email program.dialog@bgc.se

Find information quickly and easily on the web!

Feel free to visit our website at www.bgc.se! Here, you will find up-to-date product information, questions & answers as well as manuals and other documents.

Introduction

This manual is designed for bank customers intending to use bankgiro services using FTP-via-Internet as the method of delivery. Among other things, this manual describes tamper protection, outlines technical user specifications and describes how file transfer works.

General

FTP-via-Internet uses TCP/IP FTP, a standard product used for file transfer found in all UNIX systems. It can be used to transfer data from most PCs to IBM mainframe computers. Connection to Bankgirot is via a VPN tunnel over the Internet to ensure secure transmission.

VPN is a method used for creating secure data communication over a non-secure (often public) network, such as the Internet. A secure channel, or tunnel, is created between two nodes by means of encryption. All traffic between the two nodes is passed through this channel before being released at the other end. This means that no one other than those individuals sitting at either of the two ends is able to access files or data, even though these are being transferred via the Internet.

The software used to set up the tunnel must be secure at all levels to ensure that the node at the other end can be identified with confidence. For VPN, this means first identifying a node or a computer, unlike, say, BgCom or Bankgiro Link, where a user - an individual - is identified.

The payment file is created in the agreed format for Bankgiro services. The file is protected against tampering and is sent in accordance with the instructions which can be found below.

Security

To achieve as high a level of security as possible when transferring payment files to Bankgirot, the material is checked in a multi-stage process. These checks are designed to protect your company from unauthorised changes, and ensure secure handling within the bankgiro system.

Tamper protection

All files to Bankgirot must have tamper protection.

If a payment file has tamper protection it means that the file is protected from unauthorised alteration when being transferred between you and Bankgirot. A special mathematical calculation (encryption algorithm) is used in combination with a special unique key to give the file an encrypted check value, calculated on the basis of the file contents. By checking the tamper protection, Bankgirot can verify that the file contents have not been changed without authorisation.

Reference: For more information on tamper protection, see Tamper protection technical manual.

Technical information

Technical requirements

- VPN gateway
- Software for TCP/IP FTP
- Fixed, public IP address on VPN gateway (not DHCP)
- Fixed, public IP address on FTP client/server. If you do not have an official IP address, Bankgirot can lend you a temporary IP address.
- Software for tamper protection

Technical specifications for VPN

- IPSec is used to set up the VPN tunnel
- Encryption: 3DES
- Data integrity: SHA-1
- Key Exchange: DH Group2 (1024 bit)
- Perfect Forward Secrecy
- Don't use Aggressive Mode

Files

Encoding

Bankgirot accepts files in ASCII or EBCDIC format. For ASCII files, ISO8859-1 is the recommended encoding.

Line Break

According to the File Transfer Protocol standard RFC 959, <CRLF> should be used as the end-of-line sequence for text files in ASCII (CR = 0x0D, LF = 0x0A).

- PC (Windows): In text files <CRLF> is used as Line Break. No correction needs to be made.
- Unix / Linux: In text files <LF> is used as Line Break. The FTP client in Unix/Linux then has to add CR in transmission so that the file is transmitted with <CRLF>. If it doesn't do that, the file has to be altered to use <CRLF> as Line Break.

If the wrong Line Break is used in the file, the following error message is sent:

  451-File transfer failed. File contains records that are longer than the LRECL of the new file.

Filename

Files to Bankgirot are named according to the structure BFEP.Ixxxx.K0nnnnnn, where xxxx is replaced with productcode and nnnn is replaced with customer number, right aligned and zero filled.

Note! For testfiles product code and ZZ must always be used, i.e. LBZZ.

Ex. Filename for test and production

AG - Autogiro
  Testfile BFEP.IAGZZ.K0123456
  Prodfile BFEP.IAGAG.K0123456

KI - Kontoinsättningar/Löner
  Testfile BFEP.IKIZZ.K0123546
  Prodfile BFEP.IKIKI.K0123456

LB - Leverantörsbetalningar
  Testfile BFEP.ILBZZ.K0123456
  Prodfile BFEP.ILBLB.K0123456

Connection

Agreement with the Bank

Configuration

Once Bankgirot has received the agreement information from the bank, the appointed technical contact person at your company will be contacted to exchange technical data. When Bankgirot contacts you, you should have the following technical information to hand.

Bankgirot needs the following information when you send files to us:

- IP address to VPN Gateway
- IP address to FTP Client

Bankgirot needs the following information when we send files to you:

- IP address to VPN Gateway
- IP address to your FTP Server (recipient PC)
- User ID and Password to your FTP Server
- Chosen file name for delivery to you

Once Bankgirot has configured its system, Bankgirot will give you the information below:

- User ID with Bankgirot
- Temporary password
- Preshared secret
- BGC's IP addresses
- File name for test or production

Password

When Bankgirot configures the connection, you will be given a temporary password which is replaced with your own password the first time you log on. For this reason, it is important that your communications program can handle the dialogue in the event of password replacement.

The password must contain a minimum of six and a maximum of eight alphanumerical characters. The Swedish characters Å, Ä, Ö cannot be used in the password, nor can abbreviations for months such as "Jan" or "Feb".

Changing your password:

  FTP bgc
  USER user-id given to you by Bankgirot
  PASS old_password/new_password/new_password

Testing

To verify that the transmission is working and that the payment files created by your payments program have the correct format, you should perform a test. Only once the agreement is complete and the test approved can you start using your password and your key to provide tamper protection for real payments. The test is another way of improving security.

The following procedure is carried out in connection with testing:

1. Create a payment message in the payments program.
   Make sure your company's details are registered in the payments program before generating the test file, because this information follows with the payment file and is checked at the time of the test run. Make payment messages to and from real bankgiro numbers or account numbers, since the format of this information will be checked by Bankgirot. Make those payment types that are to be used for real payments. Read in the relevant manual how the bankgiro service works.
2. Tamper protect the testfile.
   Testfiles are protected using the testkey, whereas the productionkey is used for production files.
3. Log on to Bankgirot.
   Use the temporary password given to you by Bankgirot and replace it with a new password the first time you log on. See page 5.
4. Send the test in accordance with the instructions in the software manual.

Once the test is approved by Bankgirot and the agreement is complete, your company will be notified by letter. You can now start using Bankgirot's services in your administration of real payments. Record the production key for tamper protection with a start date in your seal software. Note that you cannot sign a file created with a date earlier than the date when the seal key was generated.

File Transfer

Sending files to Bankgirot

Dialogue when communicating with Bankgirot:

  FTP bgc
  USER user-id given to you by Bankgirot
  PASS password
  PUT local_file name BFEP.Ixxxx.K0nnnnnn
  QUIT

If the file is more than 80 characters in size, indicate this using the command:

  SITE LRECL = nnnn (nnnn = data record length)

Max file size that can normally be sent is 20 MB. For larger files, please state:

  SITE PRI = nnnn (nnnn = file size in MB/0.22)

FTP passive mode (PASV) can be used when sending files to Bankgirot.

Character Encoding: Files are stored at Bankgirot in EBCDIC format. If nothing else is declared, a conversion between 8-bit ASCII (Code Page 858) and EBCDIC Finnish/Swedish Code Page (1143) will be carried out. If you would like to transfer files using another encoding, that has to be specified.

To send files with 7-bit ASCII, indicate:

  SITE XLATE = ASCII7

To send files with ISO 8859-1, indicate:

  SITE XLATE=ISO8859

If the file is already an EBCDIC file, the file must be sent as a binary file; indicate:

  BINARY or TYPE I

The commands for PRI, LRECL and XLATE can be indicated in the same SITE command. If your FTP client doesn't support SITE commands, you can use the QUOTE command:

  QUOTE SITE

The result is a file created in the Bankgirot system with a unique file name. The Bankgiro system has an inbuilt "generation data set", which means that every delivery always gets a unique file name at Bankgirot. This enables several files to be sent on the same day without risk of data loss (overwriting).

If the file name is wrong or if a non-approved command is used, you will see the following error message:

  550 User Exit denies userid xxxx from using command YYYY

Sending files from Bankgirot

File transmission from Bankgirot is initiated by Bankgirot once the file is ready in Bankgirot's system. The file is automatically sent from Bankgirot and cannot be collected via FTP. However, your communication system must be set up to be able to receive.

The file will be placed in the previously agreed directory in your file system. The generation data set may be indicated by Bankgirot as the command STORE UNIQUE. To use this facility, the recipient computers must be able to handle this function.

Warning! Bankgirot cannot create and send empty files. If there is nothing to report on the day agreed in the timetable, no file will be sent.
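
A pre-transfer check for the file naming, line break and SITE rules in "Files" and "Sending files to Bankgirot" above, as an added example (not Bankgirot's software and not part of the original manual). The function names, the six-digit customer number field after the literal "K0", the space-separated form of the combined SITE command, rounding PRI up, and 1 MB = 2^20 bytes are assumptions.

```python
import re
from typing import Optional, Tuple

MB = 1024 * 1024  # assumption: the manual does not define MB (10^6 or 2^20 bytes)

def remote_filename(product: str, customer_no: int, test: bool) -> str:
    """Build BFEP.Ixxxx.K0nnnnnn; test files use product code + ZZ."""
    if not re.fullmatch(r"[A-Z]{2}", product):
        raise ValueError("product code must be two capital letters, e.g. AG, KI, LB")
    if not 0 <= customer_no <= 999999:
        raise ValueError("customer number must fit the six-digit field")
    suffix = "ZZ" if test else product
    return f"BFEP.I{product}{suffix}.K0{customer_no:06d}"

def scan_records(data: bytes) -> Tuple[str, int]:
    """Return (line-break style, longest record length in bytes)."""
    crlf = data.count(b"\r\n")
    bare_lf = data.count(b"\n") - crlf
    if crlf and bare_lf:
        style = "mixed"  # inconsistent breaks: normalise before sending
    else:
        style = "CRLF" if crlf else "LF" if bare_lf else "none"
    records = data.replace(b"\r\n", b"\n").split(b"\n")
    return style, max(len(r) for r in records)

def site_command(max_record: int, size_bytes: int,
                 xlate: Optional[str] = None) -> Optional[str]:
    """Combine LRECL, PRI and XLATE into one SITE command, or None if not needed."""
    if xlate not in (None, "ASCII7", "ISO8859"):
        raise ValueError("the manual lists only ASCII7 and ISO8859 for XLATE")
    params = []
    if max_record > 80:          # records longer than 80 characters
        params.append(f"LRECL={max_record}")
    if size_bytes > 20 * MB:     # above the normal 20 MB limit
        # PRI = file size in MB / 0.22, rounded up (rounding is an assumption).
        # Integer arithmetic avoids float error: x / 0.22 == x * 100 / 22.
        params.append(f"PRI={-(-size_bytes * 100 // (22 * MB))}")
    if xlate:
        params.append(f"XLATE={xlate}")
    return "SITE " + " ".join(params) if params else None

if __name__ == "__main__":
    # Constructed sample: two CRLF-terminated records, the second 100 bytes long.
    sample = b"HEADER".ljust(80) + b"\r\n" + b"X" * 100 + b"\r\n"
    style, longest = scan_records(sample)
    print(remote_filename("LB", 123456, test=True))
    print(style, longest)
    print(site_command(longest, len(sample), "ISO8859"))
```

A "mixed" or unexpected line-break style is worth resolving before the transfer, since wrong line breaks are what produce the 451 LRECL error quoted under "Line Break".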

Ready to start once the following items are ready

Before you can start using Bankgiro services, the following steps need to be taken:

1. Agreement
   The customer and the Bank sign the bankgiro services agreement and specify the form of delivery.
2. Configuring communication
   Bankgirot contacts the customer and configures the connection.
3. Test
   The customer sends a testfile to Bankgirot containing authentic payment messages.

You are ready to start. You can now start using Bankgirot's services in your administration of real payments.