LinuxWorld: Business/Legal Issues: Web Security for Business:
Verifying and Storing Customer Data In a Secure Manner, August 29, 2001
Introduction (Slide Two)
- Hello World
- What will be covered:
- Common issues in securing back-end data transactions.
- A concept network layout to solve these issues.
- Implementation of this concept network using Open Source Software.
Introduction (Slide Three)
- What won't be covered:
- Configuring all software used in this network implementation.
- How various network protocols work.
Disclaimer (Slide Four)
- It should be noted that this presentation does not cover all of the issues in securing network-based machines and the contents thereof. It is designed only to introduce basic concepts and offer one possible solution.
Our Problem (Slide Five)
- To implement an e-commerce site such that a back-end database and credit card verification system are removed as far away as possible from attack, while at the same time keeping a flexible network design and without imposing undue limitations on functionality.
Our Solution (Slide Six)
- To use Proxy and SSL technology to create a virtual private network that will allow us to pass vital data from a front-end web server to a back-end database and credit card verification system.
The VPN will allow us to transmit the data securely and verify that the data came from our front-end server before storing it in our database and/or continuing with further verification steps such as credit card authorization.
The Open Source Software (Slide Seven)
- Linux Operating System for Firewall, Servers
- Apache Web Server
- mod_ssl
- mod_proxy
- Postgres Database
Red Hat Equivalent (Slide Eight)
- Red Hat Linux
- Stronghold Secure Web Server which Includes:
- Red Hat Database
- Postgres
- CCVS
Network Topology (Slide Nine)
Network Topology (Slide Ten)
Network Topology (Slide Eleven)
Creating Our VPN (Slide Twelve)
- Create our Virtual Private Network using Apache, mod_ssl and mod_proxy on the front-end server to communicate with Apache and mod_ssl on back-end servers
- Authentication using SSL protocol
- Encryption using SSL protocol
Configuration (Slide Thirteen)
- Mercury our Front-End Apache Web Server
Configuration (Slide Fourteen)
- Venus Our Back-End Postgres Database Server with an Apache Interface
Configuration (Slide Fifteen)
- Earth Our Back-End CCVS Server with an Apache Interface
Configuration (Slide Sixteen)
- Mercury's Digital Certificate to Authenticate Itself:
Configuration (Slide Seventeen)
- Venus & Earth's Requiring Mercury to Authenticate Itself:
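The arrangement outlined on Slides Twelve through Seventeen, as an added example that is not taken from the original presentation: Mercury proxies to Venus over SSL and presents its own certificate, and Venus refuses any client that does not. It assumes Apache 2.4 directive names rather than the 2001-era mod_ssl 2.8 / Stronghold syntax the talk used; every host name, file path and the `/orders/` prefix is hypothetical.

```apache
# Added example. Host names, paths and the /orders/ prefix are hypothetical.
# The two VirtualHost blocks belong in the configs of two separate machines.

# --- Mercury (front-end): serves customers, proxies vital data to Venus ---
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.key

    # Speak SSL/TLS to the back end and present Mercury's own certificate
    # (PEM file holding the client certificate and its unencrypted key).
    SSLProxyEngine on
    SSLProxyMachineCertificateFile /etc/httpd/tls/mercury-client.pem

    # Verify the back end as well, so order data never reaches an impostor.
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLProxyVerify require
    SSLProxyCheckPeerName on

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPass        /orders/ https://venus.internal.example/orders/
    ProxyPassReverse /orders/ https://venus.internal.example/orders/
</VirtualHost>

# --- Venus (back-end database interface; Earth is set up the same way) ---
<VirtualHost *:443>
    ServerName venus.internal.example
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/venus.crt
    SSLCertificateKeyFile /etc/httpd/tls/venus.key

    # Fail the handshake unless the client holds a key certified by the
    # internal CA.
    SSLCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1

    <Location "/orders/">
        # A certificate from the CA is not enough: it must be Mercury's.
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'mercury.internal.example'"
    </Location>
</VirtualHost>
```

Keeping the internal CA separate from the public-facing certificate chain means a certificate issued for the customer site cannot be replayed as Mercury's identity to the back end.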
Network Topology: Result (Slide Eighteen)
Problem & Solution (Slide Nineteen)
- To implement an e-commerce site such that a back-end database and credit card verification system are removed as far away as possible from attack, while at the same time keeping a flexible network design and without imposing undue limitations on functionality of the e-commerce site.
- Using Proxy and SSL technology designed into the open source web server Apache to pass vital data from a front-end web server to a back-end database and credit card verification system.
Citation (Slide Twenty)
- Engelschall, Ralf (Jan. 2001). User Manual: mod_ssl Version 2.8. <http://www.modssl.org/docs/2.8>
- Red Hat, Inc. (2000). Administration Guide: Stronghold Secure Web Server 3.0 Oakland: Red Hat, Inc.
Acknowledgments & Suggested References (Slide Twenty One)
- Red Hat's Stronghold Team
- This Presentation:
- Introduction to Apache, SSL Protocol:
Acknowledgments & Suggested References (Slide Twenty Two)
Acknowledgments & Suggested References (Slide Twenty Three)