RE: [fw-wiz] secure infrastructure question

From: Ahmed, Balal (
Date: 04/23/03

  • Next message: Eric Tan Keng Siang (FS): "Re: RE: [fw-wiz] vpn with fw4.1 and ngfp3"
    From: "Ahmed, Balal" <>
    To: "'m p'" <>, "Alan R. Young" <>,
    Date: Wed, 23 Apr 2003 12:46:51 +0100

    rather than go through the pains of writting your own web application /
    Database, encrypting the CC data, penetration testing the application,
    insuring against fraud and data loss, configuring DMZ's / layered
    architecture........etc etc etc.

    Why not hyperlink of to one of the many CC clearing buerau services that
    provide this functionality at a fraction of the cost and effort it will take
    you to set this up? I have seen large B2B and B2C platforms do this to
    transfer responsibility, and to a certain extent, risk on to a specialist
    third party.

    -----Original Message-----
    From: m p []
    Sent: 23 April 2003 01:05
    To: Alan R. Young;
    Subject: Re: [fw-wiz] secure infrastructure question

     --- "Alan R. Young" <> schrieb: >
    Hello All
    > I am looking for ideas and references.
    > I want to set up a membership-based web site, where
    > the members can
    > leave their credit card on file with us, and after
    > they use up their
    > account balance, they can renew their membership
    > using the credit card
    > that we have on file.
    > So how do you build a secure web infrastructure that
    > would maximize the
    > safety of the customers' credit cards accounts? What
    > type of
    > firewalls/etc would I need?

    Firewalls? What for? You are asking for a complete
    setup. That is not a question for "what firewall
    vendor do you advise".

    Ok, so I will do a part of your work:

    You have your application running on the outside.
    There you send a message to a system in a private DMZ
    which has the accounting database _without_ the credit
    card numbers. Only the amount of time/money is stored
    there. And perhaps the last/first 5 digits of the CCN
    plus the issuer and the experation date.

    If the customer wants to renew his membership you will
    only display him those digits and perhaps the issuer
    and ask him if he wants to reuse that card.

    The CCNs will _only_ be stored in your heavy secured
    internal network and while in transit on the outside
    systems after the customer has entered it and before
    the inside system has polled them.

    That is a design and not a firewall question.



    Gesendet von Yahoo! Mail -
    Bis zu 100 MB Speicher bei
    firewall-wizards mailing list

    " This message contains information that may be privileged or confidential and
    is the property of the Cap Gemini Ernst & Young Group. It is intended only for
    the person to whom it is addressed. If you are not the intended recipient, you
    are not authorized to read, print, retain, copy, disseminate, distribute, or use
    this message or any part thereof. If you receive this message in error, please
    notify the sender immediately and delete all copies of this message ".

    firewall-wizards mailing list

  • Next message: Eric Tan Keng Siang (FS): "Re: RE: [fw-wiz] vpn with fw4.1 and ngfp3"