Mailinglist Archive: opensuse-security (145 mails)

Re: [suse-security] VPN and web application security
Hi,

I was considering his options. The obvious one is to build a decent
firewall to put in front of it and to harden the server as much as
possible. But then

Um, does any of this make sense? Are there any alternatives I should be
looking at for him? Or is this just a case of using good old secure HTTP
and being done with it?

If you use a VPN, you would like to create a LAN with private IPs behind
a VPN gateway. The server is in this LAN - this setup makes sense only
if you're not able to secure the machine. Disadvantages are the need for
client software and all the trouble with supporting the clients; anyway,
you have to secure the gateway. Performance/costs are worse compared to
an https setup.

I would suggest using a hardened server with only https running, and for
more security the use of your own CA, in combination with a
configuration that checks client certificates. In such a setup you will
need username, password and certificate to access the web service.

Ciao,
Dieter
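
The setup suggested in the mail above (https only, client certificates from an own CA, plus username and password), sketched as an added example that is not part of the original mail. The Python server side, the file paths, the account "alice" and the rule that the certificate CN must equal the login name are all assumptions made for illustration.

```python
import base64, hashlib, hmac, ssl

def make_server_context(ca_file, cert_file, key_file):
    """TLS context that only completes handshakes with certs signed by our own CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)     # server certificate and key
    ctx.load_verify_locations(cafile=ca_file)    # trust the private CA only
    ctx.verify_mode = ssl.CERT_REQUIRED          # no client cert, no connection
    return ctx

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def cert_common_name(peercert):
    """Pull the CN out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize(peercert, auth_header, users):
    """Return the user only if certificate AND password belong to the same account."""
    cn = cert_common_name(peercert)
    if cn is None or not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(auth_header[6:], validate=True).decode()
    except ValueError:                           # bad base64 or bad UTF-8
        return None
    user, _, password = raw.partition(":")
    record = users.get(user)
    if record is None or user != cn:             # cert must match the login name
        return None
    salt, expected = record
    if hmac.compare_digest(hash_password(password, salt), expected):
        return user
    return None

# Constructed sample data (not from the original mail).
SALT = b"constructed-salt"
USERS = {"alice": (SALT, hash_password("s3cret", SALT))}
ALICE_CERT = {"subject": ((("organizationName", "Example"),), (("commonName", "alice"),))}
BOB_CERT = {"subject": ((("commonName", "bob"),),)}
```

A stolen password without the matching certificate, or a valid certificate for a different account, is rejected by authorize().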

