LinuxWorld: Business/Legal Issues: Web Security for Business:
Verifying and Storing Customer Data In a Secure Manner, August 29, 2001
Introduction (Slide Two)
Introduction (Slide Three)
- Hello World
- What will be covered:
- Common issues in securing back-end data transactions.
- A concept network layout to solve these issues.
- Implementation of this concept network using Open Source Software.
Disclaimer (Slide Four)
- What won't be covered:
- Configuring all software used in this network implementation.
- How various network protocols work.
Our Problem (Slide Five)
- This presentation does not cover all of the issues in securing network-based machines and their contents. It is designed only to introduce basic concepts and offer one possible solution.
Our Solution (Slide Six)
- To implement an e-commerce site such that a back-end database and credit card verification system are removed as far away as possible from attack, while keeping a flexible network design and without imposing undue limitations on functionality.
The Open Source Software (Slide Seven)
- To use Proxy and SSL technology to create a virtual private network that will allow us to pass vital data from a front-end web server to a back-end database and credit card verification system.
The VPN will allow us to transmit the data securely and verify that the data came from our front-end server before storing it in our database and/or continuing with further verification steps such as credit card authorization.
Red Hat Equivalent (Slide Eight)
- Linux Operating System for Firewall, Servers
- Apache Web Server
- Postgres Database
Network Topology (Slide Nine)
Network Topology (Slide Ten)
Network Topology (Slide Eleven)
Creating Our VPN (Slide Twelve)
- Red Hat Linux
- Stronghold Secure Web Server which Includes:
- Red Hat Database
Configuration (Slide Thirteen)
- Create our Virtual Private Network using Apache, mod_ssl and mod_proxy on the front-end server to communicate with Apache and mod_ssl on back-end servers
- Authentication using SSL protocol
- Encryption using SSL protocol
Configuration (Slide Fourteen)
- Mercury, Our Front-End Apache Web Server
Configuration (Slide Fifteen)
- Venus, Our Back-End Postgres Database Server with an Apache Interface
Configuration (Slide Sixteen)
- Earth, Our Back-End CCVS Server with an Apache Interface
Configuration (Slide Seventeen)
- Mercury's Digital Certificate to Authenticate Itself:
Network Topology: Result (Slide Eighteen)
Problem & Solution (Slide Nineteen)
- Venus and Earth Requiring Mercury to Authenticate Itself:
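An added example, not taken from the original slides: a sketch of the Mercury-to-back-end link described above, written in Apache 2.4 directive syntax rather than the mod_ssl 2.8 syntax of the cited manual. The DNS names, URL prefixes and file paths are assumed placeholders, and the two blocks belong in the configuration of two different machines.

```apache
# --- Mercury (front end). All names and paths below are placeholders. ---
<VirtualHost *:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/shop.crt
    SSLCertificateKeyFile /etc/httpd/tls/shop.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Speak TLS to the back ends and present Mercury's client certificate.
    SSLProxyEngine on
    # PEM file holding Mercury's client certificate and its unencrypted key.
    SSLProxyMachineCertificateFile /etc/httpd/tls/mercury-client.pem

    # Authenticate the back end as well: internal CA only, name must match.
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLProxyVerify require
    SSLProxyCheckPeerName on

    ProxyPass        /db/   https://venus.internal.example.com/
    ProxyPassReverse /db/   https://venus.internal.example.com/
    ProxyPass        /ccvs/ https://earth.internal.example.com/
    ProxyPassReverse /ccvs/ https://earth.internal.example.com/
</VirtualHost>

# --- Venus (back end). Earth uses the same block with its own name and certificate. ---
<VirtualHost *:443>
    ServerName venus.internal.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/venus.crt
    SSLCertificateKeyFile /etc/httpd/tls/venus.key

    # Accept client certificates issued directly by the internal CA only.
    SSLCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1

    <Location "/">
        # A valid certificate is not enough: it must be Mercury's.
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'mercury.internal.example.com'"
    </Location>
</VirtualHost>
```

Pinning the subject name on the back end matters when the internal CA issues certificates to more than one host; without it, any certificate from that CA would be accepted as Mercury.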
Citation (Slide Twenty)
- To implement an e-commerce site such that a back-end database and credit card verification system are removed as far away as possible from attack, while keeping a flexible network design and without imposing undue limitations on the functionality of the e-commerce site.
- Using Proxy and SSL technology designed into the open source web server Apache to pass vital data from a front-end web server to a back-end database and credit card verification system.
Acknowledgments & Suggested References (Slide Twenty One)
- Engelschall, Ralf. User Manual: mod_ssl Version 2.8. Jan. 2001. <http://www.modssl.org/docs/2.8>
- Red Hat, Inc. (2000). Administration Guide: Stronghold Secure Web Server 3.0. Oakland: Red Hat, Inc.
Acknowledgments & Suggested References (Slide Twenty Two)
Acknowledgments & Suggested References (Slide Twenty Three)
- Red Hat's Stronghold Team
- This Presentation:
- Introduction to Apache, SSL Protocol:
It is not easy to see how the more extreme forms of nationalism can long survive when men have seen the Earth in its true perspective as a single small globe against the stars.
-Arthur C. Clarke