
Building Secure E-Commerce Solutions with WebApp Server


Presentation Transcript


  1. Building Secure E-Commerce Solutions with WebApp Server Janne Wassberg Visual Solutions AB/ADB-UTVECKLING AB Stockholm, Sweden

  2. What’s Security? • Firewalls/Network • Protecting your databases • Payments/SSL • Etc… • I will focus on WebApp installations

  3. A typical WebApp installation (diagram) • Internet • Leased line • Router • Gateway • Firewall • LAN with Internet and/or db server

  4. What’s your responsibility • Firewall • Gateway/DNS • LAN • Servers (internet, applications and data) • WebApp applications

  5. Firewall • The firewall filters incoming and outgoing traffic. • One of the most important things in your configuration. • Managed by your network admin if you have one; if not, hire an expert.

  6. Gateway/DNS • Not a high-risk issue. • Be sure you have turned off services that allow remote control, like Telnet and FTP. • Managed by your network admin if you have one; if not, hire an expert.

  7. Local Area Network • Use as few protocols as you can. • Use one network for the external side and another for the internal. • 195.163.97.??? (external) • 192.168.1.??? (internal)

  8. Internet and db servers • Install the latest service packs and hot fixes • Remove all net shares • Disable the guest account • Rename the administrator account • Set a very strong password for the admin account • Unbind the NetBIOS from TCP/IP • Configure TCP/IP filtering • Disable the default Web site • Remove unused script mappings
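The checklist above is a procedure, so here is a read-only audit script for it. This is an added example, not part of the deck or of WebApp Server: it is written for a current Windows Server with PowerShell 5.1+, the IIS WebAdministration module and the SMB cmdlets, and it maps the NT-era items to their modern equivalents (the host firewall stands in for TCP/IP filtering; the built-in accounts are found by their well-known RIDs so renaming does not hide them). It changes nothing; it only reports findings.

```powershell
# Added example: read-only audit of the server-hardening checklist on the slide.
# Assumes Windows Server with PowerShell 5.1+, WebAdministration (IIS) and SMB
# cmdlets. Run elevated. Nothing is modified.

$findings = New-Object System.Collections.Generic.List[string]

function Add-Finding([string]$Item, [bool]$Ok, [string]$Detail) {
    $status = if ($Ok) { 'OK  ' } else { 'FAIL' }
    $findings.Add("[$status] $Item - $Detail")
}

# 1. Service packs / hotfixes: report the most recent install and flag it if older than 30 days.
$lastFix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
$stale = (-not $lastFix) -or ($lastFix.InstalledOn -lt (Get-Date).AddDays(-30))
Add-Finding 'Latest updates installed' (-not $stale) "most recent: $($lastFix.HotFixID) on $($lastFix.InstalledOn)"

# 2. Net shares: anything besides the administrative shares (names ending in $) is a finding.
$userShares = @(Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' })
Add-Finding 'Net shares removed' ($userShares.Count -eq 0) ("non-administrative shares: " + ($userShares.Name -join ', '))

# 3-5. Built-in accounts: Administrator has RID 500, Guest has RID 501, whatever they are called.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
Add-Finding 'Guest account disabled' (-not $guest.Enabled) "Guest enabled: $($guest.Enabled)"
Add-Finding 'Administrator renamed' ($admin.Name -ne 'Administrator') "built-in admin is named '$($admin.Name)'"
# Password strength cannot be read back; flag "password never expires" as the closest auditable signal.
Add-Finding 'Admin password subject to expiry' ($null -ne $admin.PasswordExpires) "PasswordExpires: $($admin.PasswordExpires)"

# 6. NetBIOS over TCP/IP: TcpipNetbiosOptions 2 = disabled, checked on every IP-enabled adapter.
$nbtOn = @(Get-CimInstance Win32_NetworkAdapterConfiguration |
          Where-Object { $_.IPEnabled -and $_.TcpipNetbiosOptions -ne 2 })
Add-Finding 'NetBIOS unbound from TCP/IP' ($nbtOn.Count -eq 0) ("adapters with NetBIOS on: " + ($nbtOn.Description -join ', '))

# 7. TCP/IP filtering: the modern stand-in is the host firewall, which must be on for every profile.
$fwOff = @(Get-NetFirewallProfile | Where-Object { -not $_.Enabled })
Add-Finding 'Host firewall enabled (TCP/IP filtering)' ($fwOff.Count -eq 0) ("profiles disabled: " + ($fwOff.Name -join ', '))

# 8-9. IIS: the default site should be stopped or gone, and only the handler
#      mappings the application needs should remain at server level.
Import-Module WebAdministration -ErrorAction Stop
$default = Get-Website | Where-Object { $_.Name -eq 'Default Web Site' }
Add-Finding 'Default Web site disabled' ((-not $default) -or ($default.State -ne 'Started')) "state: $($default.State)"
$handlers = @(Get-WebConfiguration -Filter 'system.webServer/handlers/add' -PSPath 'IIS:\' |
              Where-Object { $_.name -notmatch 'StaticFile' })
Add-Finding 'Unused script mappings removed' ($handlers.Count -eq 0) ("server-level non-static handlers to review: " + ($handlers.path -join ', '))

$findings
```

Each line of the output is one checklist item with OK or FAIL and the evidence behind it, so the script can be run before and after hardening and the two outputs compared; the handler check deliberately lists every non-static mapping rather than judging them, because which ones the WebApp application needs is an application decision.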

  9. WebApp applications • Use the security settings in WebApp • Set pbAllowSaveNew to True • Set pbAllowSaveEdit to True • Set pbAllowDelete to False • Set pbAllowClear to False • Set pbAllowFind to False • Set pbAllowDDUpdate to False

  10. WebApp applications • You can build your own login in WebApp • You can use NT Challenge Response for a specific Web site • You can use IP Restrictions for a specific Web site • You can use SSL/HTTPS for a specific Web Site
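The slide lists three protections that can be applied per Web site; the following added example (not from the deck or from WebApp Server) shows how they are configured on IIS 7+ with the WebAdministration module. The site name is an assumed value, the allowed range is the internal network from the LAN slide, and an HTTPS binding with a certificate is assumed to exist already. Integrated Windows authentication is the successor of NT Challenge/Response.

```powershell
# Added example: per-site protections on IIS 7+ (WebAdministration module).
# Assumed values: site name 'WebAppSite'; internal subnet 192.168.1.0/24 taken
# from the deck's LAN slide. Run elevated. The security sections below are locked
# at server level by default, so they are set with -Location instead of directly
# on the site path.
Import-Module WebAdministration -ErrorAction Stop

$site     = 'WebAppSite'       # assumed
$internal = '192.168.1.0'      # internal network (slide 7)
$mask     = '255.255.255.0'

# 1. Windows authentication (NT Challenge/Response successor) instead of anonymous access.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' `
    -Name enabled -Value $true

# 2. IP restrictions: deny everything not listed, then allow the internal network.
#    (For a public shop you would keep allowUnlisted true and list denied ranges instead.)
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter 'system.webServer/security/ipSecurity' -Name allowUnlisted -Value $false
Add-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter 'system.webServer/security/ipSecurity' -Name '.' `
    -Value @{ ipAddress = $internal; subnetMask = $mask; allowed = $true }

# 3. Require SSL/HTTPS (and 128-bit ciphers) so the login never travels in clear.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl,Ssl128'

# Read back the result for the change record.
Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter 'system.webServer/security/access' -Name sslFlags
Get-WebConfiguration -PSPath 'IIS:\' -Location $site -Filter 'system.webServer/security/ipSecurity/add'
```

The three settings are independent, so a site can require only HTTPS while an administrative site gets all three; the read-back at the end is what goes into the change ticket.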

  11. KM Tvätten: a real WebApp case in Sweden • A VDF application with WebApp access installed in 4 different locations, connected to each other through a WAN. • The distance between the locations is about 100 km or more. • Each location is a commercial/industrial laundry.

  12. KM Tvätten: a real WebApp case in Sweden • Four factories, one HQ. • Each location is connected to the HQ with leased lines between 64 and 256 Kb. • Leased line to the internet through HQ. • Firewall and two separate networks. • The traffic to the site is restricted to the external network. (Diagram: In / Ap / db / Internet)

  13. KM Tvätten: a real WebApp case in Sweden • Four factories, one HQ. • The VDF application runs on a terminal server and over the WAN. • External customers access the application through WebApp. • WebApp is hosted on the internet server. • The data is stored on the db server. • The application and db servers run on an internal network. • WebApp talks to the db server using a second network card. • The WebApp application requires login. (Diagram: In / Ap / db / Internet)

  14. FlexPayment • Secure credit card transactions from VDF and WebApp Server. • A COM object and classes for VDF/WebApp talking to a payment gateway. • Authorization directly to your application in less than 10 seconds.

  15. FlexPayment • Accepts all credit cards • Deals may be done for special cards • Possible to have one server with multiple companies (ISP)

  16. Questions ?

  17. That’s all Janne Wassberg Visual Solutions AB/ADB-UTVECKLING AB Stockholm, Sweden
