RE: [fw-wiz] secure infrastructure question

From: Ahmed, Balal (balal.ahmed@cgey.com)
Date: 04/23/03

    From: "Ahmed, Balal" <balal.ahmed@cgey.com>
    To: "'m p'" <sumirati@yahoo.de>, "Alan R. Young" <aryoung@veros.com>, firewall-wizards@honor.icsalabs.com
    Date: Wed, 23 Apr 2003 12:46:51 +0100
    

    Rather than go through the pains of writing your own web application /
    Database, encrypting the CC data, penetration testing the application,
    insuring against fraud and data loss, configuring DMZs / layered
    architecture ... etc. etc. etc.

    Why not hyperlink off to one of the many CC clearing bureau services that
    provide this functionality at a fraction of the cost and effort it will take
    you to set this up? I have seen large B2B and B2C platforms do this to
    transfer responsibility, and to a certain extent, risk on to a specialist
    third party.

    -----Original Message-----
    From: m p [mailto:sumirati@yahoo.de]
    Sent: 23 April 2003 01:05
    To: Alan R. Young; firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] secure infrastructure question

    --- "Alan R. Young" <aryoung@veros.com> wrote:
    > Hello All
    >
    > I am looking for ideas and references.
    >
    > I want to set up a membership-based web site, where
    > the members can
    > leave their credit card on file with us, and after
    > they use up their
    > account balance, they can renew their membership
    > using the credit card
    > that we have on file.
    >
    > So how do you build a secure web infrastructure that
    > would maximize the
    > safety of the customers' credit cards accounts? What
    > type of
    > firewalls/etc would I need?
    >

    Firewalls? What for? You are asking for a complete
    setup. That is not a question for "what firewall
    vendor do you advise".

    Ok, so I will do a part of your work:

    You have your application running on the outside.
    There you send a message to a system in a private DMZ
    which has the accounting database _without_ the credit
    card numbers. Only the amount of time/money is stored
    there. And perhaps the last/first 5 digits of the CCN
    plus the issuer and the expiration date.

    If the customer wants to renew his membership you will
    only display him those digits and perhaps the issuer
    and ask him if he wants to reuse that card.

    The CCNs will _only_ be stored in your heavily secured
    internal network and while in transit on the outside
    systems after the customer has entered it and before
    the inside system has polled them.

    That is a design and not a firewall question.

    Marc

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
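
Marc's split of data between the outside application, the DMZ accounting database and the internal network, sketched as an added example that is not part of the original thread. Class and function names are hypothetical, the card number is a constructed test value, and in-process dictionaries stand in for the real stores and network hops.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CardHint:
    """What the DMZ accounting DB keeps: enough to recognise a card, not to charge it."""
    last_digits: str
    issuer: str
    expiry: str

class OutsideApp:
    """Internet-facing application: holds a full CCN only until the inside polls."""
    def __init__(self):
        self.pending = {}                      # member_id -> full CCN (transit only)

    def submit_card(self, dmz_db, member_id, ccn, issuer, expiry, keep=5):
        digits = "".join(ch for ch in ccn if ch.isdigit())
        if not 13 <= len(digits) <= 19:
            raise ValueError("not a plausible card number")
        # The DMZ record gets only the trailing digits, issuer and expiry.
        dmz_db[member_id] = CardHint(digits[-keep:], issuer, expiry)
        self.pending[member_id] = digits

    def renewal_prompt(self, dmz_db, member_id):
        hint = dmz_db[member_id]               # built without touching the CCN store
        return (f"Reuse your {hint.issuer} card ending in {hint.last_digits}, "
                f"expiring {hint.expiry}?")

class InternalVault:
    """Inside network: the only place CCNs are stored. It pulls; nothing pushes in."""
    def __init__(self):
        self._cards = {}

    def poll(self, outside):
        moved = 0
        while outside.pending:                 # drain and erase the outside copies
            member_id, ccn = outside.pending.popitem()
            self._cards[member_id] = ccn
            moved += 1
        return moved

    def has_card(self, member_id):
        return member_id in self._cards

def demo():
    dmz_db, outside, vault = {}, OutsideApp(), InternalVault()
    # Constructed input: 4111 1111 1111 1111 is a widely used test number.
    outside.submit_card(dmz_db, "m-1001", "4111 1111 1111 1111", "Visa", "04/05")
    moved = vault.poll(outside)
    return dmz_db, outside, vault, moved
```

After the poll, the outside system holds no card number, and the renewal prompt is built from the DMZ record alone.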


