Re: [fw-wiz] secure infrastructure question

From: m p (sumirati@yahoo.de)
Date: 04/23/03

  • Next message: Eric Tan Keng Siang (FS): "[fw-wiz] vpn with fw4.1 and ngfp3" 
    From: m p <sumirati@yahoo.de>
To: "Alan R. Young" <aryoung@veros.com>, firewall-wizards@honor.icsalabs.com
Date: Wed, 23 Apr 2003 02:05:22 +0200 (CEST)

     --- "Alan R. Young" <aryoung@veros.com> schrieb: >
    Hello All
    >
    > I am looking for ideas and references.
    >
    > I want to set up a membership-based web site, where
    > the members can
    > leave their credit card on file with us, and after
    > they use up their
    > account balance, they can renew their membership
    > using the credit card
    > that we have on file.
    >
    > So how do you build a secure web infrastructure that
    > would maximize the
    > safety of the customers' credit cards accounts? What
    > type of
    > firewalls/etc would I need?
    >

    Firewalls? What for? You are asking for a complete
    setup. That is not a question for "what firewall
    vendor do you advise".

    Ok, so I will do a part of your work:

    You have your application running on the outside.
    There you send a message to a system in a private DMZ
    which has the accounting database _without_ the credit
    card numbers. Only the amount of time/money is stored
    there. And perhaps the last/first 5 digits of the CCN
    plus the issuer and the experation date.

    If the customer wants to renew his membership you will
    only display him those digits and perhaps the issuer
    and ask him if he wants to reuse that card.

    The CCNs will _only_ be stored in your heavy secured
    internal network and while in transit on the outside
    systems after the customer has entered it and before
    the inside system has polled them.

    That is a design and not a firewall question.

    Marc

    __________________________________________________________________

    Gesendet von Yahoo! Mail - http://mail.yahoo.de
    Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Eric Tan Keng Siang (FS): "[fw-wiz] vpn with fw4.1 and ngfp3"

    Relevant Pages

    • RE: [fw-wiz] secure infrastructure question
      ... Database, encrypting the CC data, penetration testing the application, ... > leave their credit card on file with us, ... If the customer wants to renew his membership you will ... That is a design and not a firewall question. ...
      (Firewall-Wizards)
    • Re: Cuba shafting VISA users with surcharge
      ... the cuban peso to Canadian, and then compare it to what's on your credit ... they can't put a Cuban peso charge on a credit card (since there is no peso ... they decided to hit credit card transactions as well. ...
      (rec.travel.caribbean)
    • Re: OT--cc theft/need help/advice
      ... I'd call all 3 national credit reporting agencies and alert them. ... to succumb to a "phishing" attack, you don't have to open any attachments, you just have to think that an E-Mail that looks like it's from [E-Bay, Pay-Pal, brokerage firm, bank, credit card company ... recently it was disclosed that the computers of Marshalls and TJMaxx were hacked and the credit card information of 45 million customers was thusly obtained. ... I worry about identity theft but hopefully I can take the right steps to prevent that. ...
      (alt.sys.pc-clone.dell)
    • Re: Welcome, illegal immigrants, to Credit Nation
      ... So, the country from which they came from, does not give them an opportunity to go into debt, with a credit card? ... Welcome, illegal immigrants, to the Credit Nation. ... Bank of America is testing a program in Los Angeles ... · Annual fee. ...
      (soc.retirement)
    • Trapped by lure of the high life
      ... ONE was an unemployed woman who bought a $7,000 home theatre system on hire ... In Pasir Ris-Punggol GRC, MP Charles Chong said he sees about three such cases ... The growth in credit card numbers and hire-purchase agreements is part of this ...
      (soc.culture.singapore)