Date: Tue, 28 May 2002 17:22:49 -0500 (CDT)
From: Sean Farley <sean-freebsd@farley.org>
To: freebsd-isp@freebsd.org
Subject: Web site security questions
Message-ID: <20020528171331.I87801-100000@thor.farley.org>

I am setting up a commerce site on FreeBSD, but I want to go over my ideas
for making it as secure as possible while still usable.  Here are my
current notes on the security setup:

------------------------------
Steps
-----
1) Run main machine with jails for applications.
   - Only allow connections via SSH from designated IPs.
2) Run database within jail on non-routable IP.
   - Turn off all services except for the database.
   - Only accept connections from the other jails using the
     configuration file.
   - Only allow connections to the database from the other jails using
     the firewall.
3) Run store within different jail.
   - Turn off all services except for the web server and SSH.
   - Only allow connections via SSH from designated IPs.
4) Apply, from main machine, 'chflags -R schg' (immutable) to:
   - /usr/local/pgsql/data/*.conf
   - /usr/local/etc/apache/
   - /usr/local/www/store/
   This should prevent anyone from altering the secure flow between the
   database and the store.
5) Change code to encrypt the credit card numbers with a public key.
6) Change code to decrypt the credit card numbers via an encrypted key
   stored within the database.
7) Change code to prompt for a password whenever a credit card number is
   pulled from the database.  This will take a bit of work to make this
   convenient.

Weaknesses
----------
1) The main machine is compromised as root.  This would allow a cracker
   to change flags and therefore any code.
2) The database jail is compromised.  As root or the database user, a
   cracker would be able to stop the database server and create own copy
   of server for web application to connect against.  With this the
   cracker will be able to log all queries.
------------------------------

Does this look like it would be secure enough?  Is there any advice on
what I can do to make this scheme better?

Sean
-----------------------
sean-freebsd@farley.org
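
Steps 5 to 7 of the message above, sketched with the OpenSSL command line as an added example that is not part of the original post or its author's code. The post names no algorithm or tool, so RSA-OAEP, the file names, the function names and the KEY_PASS variable are all assumptions, and the card number is a constructed test value.

```shell
#!/bin/sh
# Added example, constructed data only.

# Admin side: create the key pair. The private key is only ever written
# in passphrase-encrypted form (the "encrypted key" of step 6); this PEM
# text is what would be stored. The passphrase comes from the exported
# KEY_PASS variable so it never shows up in the process argument list.
make_keys() {       # $1 = directory for the key files
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:KEY_PASS -out "$1/card_priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/card_priv.pem" -passin env:KEY_PASS \
        -pubout -out "$1/card_pub.pem"
}

# Store jail (step 5): holds the public key only, so code running there
# can write card numbers but cannot read them back.
encrypt_card() {    # $1 = public key file, $2 = card number
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep |
        openssl base64 -A          # one text line, fits a database column
}

# Retrieval (step 7): fails with a non-zero status unless KEY_PASS holds
# the passphrase that unlocks the private key.
decrypt_card() {    # $1 = encrypted private key file, $2 = base64 text
    printf '%s' "$2" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" -passin env:KEY_PASS \
            -pkeyopt rsa_padding_mode:oaep 2>/dev/null
}

# Walk-through with a constructed passphrase and test card number.
# A real retrieval page would prompt for the passphrase instead.
demo() {
    d=$(mktemp -d) || return 1
    KEY_PASS='constructed-passphrase'; export KEY_PASS
    make_keys "$d" || return 1
    ct=$(encrypt_card "$d/card_pub.pem" '4111111111111111')
    echo "stored:    $ct"
    echo "recovered: $(decrypt_card "$d/card_priv.pem" "$ct")"
    rm -rf "$d"
}
```

Source the file and call `demo` to see the stored and recovered values. With this split, a compromise of the store jail alone yields the public key and ciphertext, not the card numbers.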