Environment protection

FTM SWIFT must be deployed in a secure zone to protect it from potentially compromised elements of the general IT environment and external environment. A secure zone is a logical entity for a collection of systems that require the same access control policy. In a secure zone, access is tightly controlled and available only to a small number of authorized users.

The requirements below must be met for the secure zone of FTM SWIFT:

  • The following components of FTM SWIFT need to be in a secure zone. If required, you may distribute the components across several secure zones.
    • The FTM SWIFT instances (customized and runnable).
    • The necessary middleware.
    • The communication interface (SAG), the FTM SWIFT SAG Add-On and the related SWIFT components SWIFTNet Link and Hardware Security Module (HSM).
    • Any applicable operator workstation dedicated to the operation or administration of the local SWIFT infrastructure.
    • A system that provides a remote desktop to users outside the secure zone. Such systems (jump servers) limit the functions and facilities that a user can execute from an outside system. Security-relevant programs can be installed on the jump server and then need no installation on systems outside the secure zone.
    Note: When you add further components to the secure zone, the rules for the secure zone apply to those components as well.
  • Interactions with systems outside the secure zone must be limited to:
    • Communication with back-office applications
    • Logging data exchanged with outbound systems
    Such interactions must be controlled by transport-layer firewalls, optionally in combination with access control lists (ACLs).
  • Operators can access the secure zone components in one of these ways:
    • From a dedicated operator system within the secure zone.
    • From a general purpose operator system, via a jump server located within the secure zone.
    • From a general purpose operator system directly, if it is used only to access the messaging interface services of FTM SWIFT (FIN, MSIF, RMA) through the browser-based GUI. On such systems you must restrict internet access, either through remote desktop access, through virtual machines, or by disabling internet access entirely. A general purpose operator system must not be used for operating system administration activities. The browser-based GUI must support multi-factor authentication.
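The access rules above can be turned into a simple review check for proposed firewall rules crossing the secure zone boundary. The following is an added example, not code from the product documentation; the peer roles, service names and sample rules are constructed for illustration.

```python
"""Review proposed firewall rules for the FTM SWIFT secure zone against the
access rules stated above.  Roles, service names and the sample rules are
constructed for this example, not taken from a real deployment."""
from __future__ import annotations
from dataclasses import dataclass

GUI_SERVICES = {"FIN", "MSIF", "RMA"}           # browser-based GUIs a general purpose operator may use directly
PERMITTED_PEERS = {"back-office", "logging"}    # the only interactions allowed with outside systems


@dataclass(frozen=True)
class Rule:
    """One flow between a system outside the secure zone and a component inside it."""
    peer_role: str          # back-office | logging | operator-general | other
    target: str             # component inside the zone, e.g. "ftm-swift", "jump-server", "sag"
    service: str            # FIN, MSIF, RMA, ssh, rdp, mq, syslog, ...
    mfa: bool = False       # peer authenticates with multi-factor authentication
    os_admin: bool = False  # flow is used for operating system administration


def evaluate(rule: Rule) -> tuple[bool, str]:
    """Return (allowed, reason) for a single rule crossing the zone boundary."""
    if rule.peer_role in PERMITTED_PEERS:
        return True, f"{rule.peer_role} interaction through the transport-layer firewall"
    if rule.peer_role == "operator-general":
        # Option 1: the general purpose system reaches the zone only through the jump server
        if rule.target == "jump-server":
            return True, "operator reaches the zone via the jump server"
        # Option 2: direct use of the messaging interface GUIs only, with MFA, no OS administration
        if rule.service in GUI_SERVICES and not rule.os_admin:
            if rule.mfa:
                return True, f"browser-based {rule.service} GUI with multi-factor authentication"
            return False, f"{rule.service} GUI access without multi-factor authentication"
        return False, "general purpose operator systems may not administer zone systems directly"
    return False, "interactions with outside systems are limited to back-office and logging"


def review(rules: list[Rule]) -> list[tuple[Rule, str]]:
    """Return the rules that violate the secure zone policy, with the reason."""
    return [(r, reason) for r in rules for ok, reason in [evaluate(r)] if not ok]


# Constructed sample rule set for a firewall review
SAMPLE_RULES = [
    Rule("back-office", "ftm-swift", "mq"),
    Rule("logging", "ftm-swift", "syslog"),
    Rule("operator-general", "jump-server", "rdp", mfa=True),
    Rule("operator-general", "ftm-swift", "FIN", mfa=True),
    Rule("operator-general", "ftm-swift", "FIN"),                 # missing MFA
    Rule("operator-general", "ftm-swift", "ssh", os_admin=True),  # OS administration from outside
    Rule("other", "sag", "https"),                                # unrelated outside system
]

if __name__ == "__main__":
    for rule, reason in review(SAMPLE_RULES):
        print(f"DENY {rule.peer_role} -> {rule.target}/{rule.service}: {reason}")
```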

The following figure shows an example of such a secure zone:

Figure 1. Environment in a secure zone example

The following figure shows an alternative setup where the SAG is located in a separate secure zone:

Figure 2. Environment with a SAG in a separate secure zone