FTM SWIFT must be deployed in a secure zone to protect it from
potentially compromised elements of the general IT environment and external environment. A secure
zone is a logical entity for a collection of systems that require the same access control policy. In
a secure zone, access is tightly controlled and available only to a small number of authorized
users.
The following requirements must be met for the secure zone of FTM SWIFT:
The following components of FTM SWIFT need to be in a secure zone.
You may choose to distribute the components into several secure zones if required.
- The FTM SWIFT instances (customized and runnable).
- The necessary middleware.
- The communication interface (SAG), the FTM SWIFT SAG Add-On and the related SWIFT
  components SWIFTNet Link and Hardware Security Module (HSM).
- Any applicable operator workstation dedicated to the operation or administration of the local
  SWIFT infrastructure.
- A system providing a remote desktop to users outside the secure zone. Such systems (jump
  servers) limit the functions and facilities that a user can execute from an outside system.
  Security-relevant programs can be installed on a jump server and then need no installation on
  systems outside of the secure zone.
Note: When you add additional components to the secure zone, the rules for the secure zone
apply to those components as well.
Interactions with systems outside the secure zone must be limited to:
- Communication with back-office applications
- Logging data exchanged with outbound systems
Such interactions must be controlled by transport layer firewalls, optionally in combination
with access control lists (ACL).
Operators can access the secure zone components:
- From a dedicated operator system within the secure zone.
- From a general purpose operator system, via a jump server located within the secure zone.
- From a general purpose operator system, if they only access the messaging interface services of
  FTM SWIFT (FIN, MSIF, RMA) by means of the browser-based GUI. For such systems you must
  restrict internet access by using remote desktop access or virtual machines, or by disabling
  internet access altogether. A general purpose operator system is not allowed to perform
  operating system administration activities. The browser-based GUI must support multi-factor
  authentication.
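The interaction and operator-access rules above can be expressed as a policy check and run over connection records from the firewall or from the zone's hosts, so that a flow the policy does not permit is flagged. The script below is an added example and is not part of the FTM SWIFT documentation or product: the host names, the port numbers, the mfa=yes/no attribute and the key=value record format are all constructed assumptions. It distinguishes intra-zone traffic, the two permitted interactions with outside systems (back-office applications and logging), jump-server access, and browser GUI access that is permitted only with multi-factor authentication; everything else is reported as a violation.

```python
"""Added example: check connection records against the FTM SWIFT secure-zone rules.
Host names, ports and the record format are constructed assumptions, not page values."""
from dataclasses import dataclass

# Constructed inventory of the secure zone (assumed names).
SECURE_ZONE = {"ftm-app-01", "mq-01", "sag-01", "snl-01", "hsm-01",
               "jump-01", "ops-ws-01"}
JUMP_SERVERS = {"jump-01"}          # remote desktop entry point for outside users
BACK_OFFICE = {"backoffice-01"}     # permitted peer outside the zone
LOG_COLLECTORS = {"siem-01"}        # permitted outbound logging target
GUI_HOSTS = {"ftm-app-01"}          # hosts serving the browser-based GUI
GUI_PORT = 443                      # assumed HTTPS port of that GUI


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    mfa: bool = False               # session authenticated with a second factor


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ("allow" | "deny", reason) for one connection."""
    src_in, dst_in = flow.src in SECURE_ZONE, flow.dst in SECURE_ZONE
    if src_in and dst_in:
        return "allow", "intra-zone traffic"
    if src_in and not dst_in:
        if flow.dst in BACK_OFFICE:
            return "allow", "outbound to back-office application"
        if flow.dst in LOG_COLLECTORS:
            return "allow", "outbound logging data"
        return "deny", "zone may only talk to back-office and logging systems"
    if not src_in and dst_in:
        if flow.src in BACK_OFFICE:
            return "allow", "inbound from back-office application"
        if flow.dst in JUMP_SERVERS:
            return "allow", "remote desktop via jump server"
        if flow.dst in GUI_HOSTS and flow.dport == GUI_PORT:
            if flow.mfa:
                return "allow", "browser GUI access with multi-factor authentication"
            return "deny", "browser GUI requires multi-factor authentication"
        return "deny", "general purpose systems may not reach zone hosts directly"
    return "allow", "both endpoints outside the secure zone (out of scope)"


def parse_line(line: str) -> Flow:
    """Parse one constructed 'key=value' connection record."""
    fields = dict(part.split("=", 1) for part in line.split())
    return Flow(src=fields["src"], dst=fields["dst"],
                dport=int(fields["dport"]), mfa=fields.get("mfa") == "yes")


def audit(lines) -> list[tuple[str, str, str]]:
    """Evaluate every record; returns (line, verdict, reason) per record."""
    return [(line, *evaluate(parse_line(line))) for line in lines if line.strip()]


def violations(lines) -> list[str]:
    """Only the records that break the secure-zone policy."""
    return [line for line, verdict, _ in audit(lines) if verdict == "deny"]


# Constructed sample records (not real firewall or product output).
SAMPLE_LOG = """\
src=ftm-app-01 dst=mq-01 dport=1414
src=ftm-app-01 dst=backoffice-01 dport=8443
src=mq-01 dst=siem-01 dport=6514
src=sag-01 dst=updates.example.net dport=443
src=ops-laptop-07 dst=jump-01 dport=3389
src=ops-laptop-07 dst=ftm-app-01 dport=443 mfa=yes
src=ops-laptop-07 dst=ftm-app-01 dport=443 mfa=no
src=ops-laptop-07 dst=ftm-app-01 dport=22
""".splitlines()

if __name__ == "__main__":
    for line, verdict, reason in audit(SAMPLE_LOG):
        print(f"{verdict:5} {line:55} # {reason}")
```

Run against the sample records, the check flags three flows: the SAG host reaching an update server outside the zone, a GUI session without a second factor, and an SSH attempt from a general purpose workstation straight to the application host, which would amount to operating system administration from outside the zone. The same verdict function can be reused as a review step when a firewall rule set is changed.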
What such a secure zone can look like is shown in the following figure:
Figure 1. Environment in a secure zone (example)
The following figure shows an alternative setup in which the SAG is located in a separate secure
zone:
Figure 2. Environment with a SAG in a separate secure zone