Hands tied for the time being... SMB/DMZ
Ok here goes... We have a "Trusted" and "DMZ" zone, currently the trusted zone uses an application using SMB (File Sharing) to push files to the DMZ zone. The Trusted server is Windows 2003 SP2 and the DMZ server is a Windows 2008 SP1 server. These servers are on two separate AD forests, and the DMZ domain trust has an implicit one way trust to the Trusted server zone. For now, we are needing to leave SMB/File Sharing on, but need to know a creative way to secure this data transfer.
July 14th, 2011 2:44pm

You have basic security measures in SMB in terms of authentication and ACLs for authorization. Besides that you can use IPSec to add encryption and authentication to the data transfer on the network layer between the two servers. Be aware that using IPSec will prohibit your central firewall and/or IDS from being able to filter and inspect the traffic between your servers. /Hasain
July 14th, 2011 11:03pm
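
An added example, not part of the original posts: one way to set up the IPsec protection suggested above for SMB (TCP 445) between the Windows 2003 and Windows 2008 servers. The addresses, rule names and pre-shared key are constructed placeholders. Pre-shared-key authentication is an assumption chosen here because the servers sit in separate forests; certificate authentication is the stronger option where a PKI is available.

```batch
:: Constructed placeholders (documentation address ranges):
::   Trusted server (Windows 2003 SP2) = 192.0.2.10
::   DMZ server     (Windows 2008 SP1) = 198.51.100.20

:: ---- Run on the Trusted server (Windows 2003: legacy "netsh ipsec static") ----
netsh ipsec static add policy name="SMB-to-DMZ" description="Require ESP for SMB to the DMZ file server"
netsh ipsec static add filterlist name="SMB-to-DMZ-filters"

:: Match TCP 445 from this host to the DMZ server; mirrored=yes also matches the replies
netsh ipsec static add filter filterlist="SMB-to-DMZ-filters" srcaddr=Me dstaddr=198.51.100.20 protocol=TCP srcport=0 dstport=445 mirrored=yes

:: inpass=no and soft=no: no fallback to cleartext if negotiation fails
netsh ipsec static add filteraction name="Require-ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

netsh ipsec static add rule name="SMB-to-DMZ-rule" policy="SMB-to-DMZ" filterlist="SMB-to-DMZ-filters" filteraction="Require-ESP" psk="REPLACE-WITH-LONG-RANDOM-SECRET"
netsh ipsec static set policy name="SMB-to-DMZ" assign=y

:: ---- Run on the DMZ server (Windows 2008: connection security rules) ----
:: endpoint1/port1 describe the local side here (this server, port 445)
netsh advfirewall consec add rule name="SMB-from-Trusted" endpoint1=198.51.100.20 endpoint2=192.0.2.10 protocol=tcp port1=445 port2=any action=requireinrequireout auth1=computerpsk auth1psk="REPLACE-WITH-LONG-RANDOM-SECRET" qmsecmethods=esp:sha1-3des

:: Accept inbound SMB from the Trusted server only when it arrives IPsec-authenticated
netsh advfirewall firewall add rule name="SMB only over IPsec" dir=in action=allow protocol=TCP localport=445 remoteip=192.0.2.10 security=authenticate

:: After the first file push, confirm a quick-mode security association exists
netsh advfirewall monitor show qmsa
```

The firewall between the zones then has to pass IKE (UDP 500) and ESP (IP protocol 50) between the two hosts instead of TCP 445, which is the inspection trade-off noted in the post above.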

To add to what Hasain mentioned, I'd recommend thinking about the data at rest too. It is one thing to secure the data in motion but I think the data, while at rest, may be more vulnerable. A lot of variables play into it. But when I think about corporate, private, or sensitive data in a DMZ, I typically strive to encrypt it while at rest. There are solutions that will allow you to encrypt at rest and still maintain full file sharing functionality. Brian
July 15th, 2011 6:41am
