Mailinglist Archive: opensuse-security (145 mails)

VPN and web application security
  • From: Derek Fountain <dflists@xxxxxxxxxxxx>
  • Date: Sat, 13 Nov 2004 14:33:26 +0800
  • Message-id: <200411131433.27205.dflists@xxxxxxxxxxxx>
I speak from a position of total ignorance on VPNs. I've never used one. :o)

A friend of mine has a web application running on an Internet-facing server -
web front end, DB backend, username/password login, that sort of stuff. He's
hoping (with justifiable optimism in my opinion) to build it into a high
value service. Therefore he needs it to be secure, which at the moment it
isn't - well, not beyond the basic username/password login screen.

I was considering his options. The obvious one is to build a decent firewall
to put in front of it and to harden the server as much as possible. But then
it occurred to me that since he's going to have only a handful (a few
hundred, maybe) of well-paying customers, perhaps there are alternatives. Maybe
some sort of VPN is one? I'm sort of thinking of a system where a customer
uses some sort of software to create a completely secure link to the
application server. The idea being to prevent interceptable data flying about
the Internet, and to prevent having an obvious "front door" which an attacker
might start hammering on.

Um, does any of this make sense? Are there any alternatives I should be
looking at for him? Or is this just a case of using good old secure HTTP and
being done with it?
