ISP infrastructure - user database and authentication
From: Jean-Simon Durand (bugtraq@supernet.ca)Date: 07/30/01
- Previous message: Andrew Jones: "RE: Remote Administration on W2K"
- Next in thread: Devdas Bhagat: "Re: ISP infrastructure - user database and authentication"
- Reply: Devdas Bhagat: "Re: ISP infrastructure - user database and authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <002301c11888$483bebf0$0100000a@peon> From: "Jean-Simon Durand" <bugtraq@supernet.ca> To: <SECURITY-BASICS@securityfocus.com> Subject: ISP infrastructure - user database and authentication Date: Sun, 29 Jul 2001 19:43:34 -0400
Hi,
[I also sent this to pen-test.]
I am currently working for an ISP and we are going to build a new
infrastructure and implement a new billing system in the next few months. I
am in charge or the network and security aspects. We are facing a bit of a
problem with the authentication and user database infrastructure. I am
hoping that someone on security-basics can suggest a good solution.
Our mail, web, ftp and other public servers will be in a DMZ. I assume that
these servers are insecure because they offer complex services and I also
assume that root can be compromised on any of these servers.
We plan to use ldap for our user/password database. Our primary and backup
ldap servers will be in a private network segment protected by 2 levels of
firewall (iptables and ip filter). Our billing server (customer informations
including credit cards) will be in that same private segment.
The most important things to protect on our network will be :
1 - credit card numbers and customer informations
2 - user and password database
3 - home directories and emails
Let's start with number 3. Home directories and clear text emails are not
supposed to contain any sensitive informations so we don't mind if an
intruder accesses them for a short period of time. In case they get trashed,
we'll have daily backups.
As for #2, the user database has to be readable by the servers to get the
uid, home directory, etc. What we don't want is the encrypted user passwords
to be accessible in case someone obtains root on a server. Right now, we use
NIS+ and our shell server is the only server with a satisfactory setup. It
authenticates users with radius and gets the rest of the user informations
from a local database that is rsynched after stripping the password fields.
This works, but it's a complicated setup and I was wondering if there's a
better way to do this. Does ldap support a compare funtion that is done
server side? If there is, I suppose that the existing ldap authentication
modules supports this?
In #3, we also have a problem. We want to allow our customers to access some
of their account informations online, so some parts of the database on the
billing server will be accessible by a web server on the DMZ. The database
will be either under MS SQL or Oracle 8. If the web server gets compromised,
are there risks of someone accessing the credit card data thru the database
connection? Is there a better way to set this up?
Thanks to anyone who can provide some advices.
Jean-Simon Durand
Montreal, Quebec, Canada
- Previous message: Andrew Jones: "RE: Remote Administration on W2K"
- Next in thread: Devdas Bhagat: "Re: ISP infrastructure - user database and authentication"
- Reply: Devdas Bhagat: "Re: ISP infrastructure - user database and authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
