[web] Your company financial data on a 3rd party webserver

16 comments, last by Mayple 12 years, 10 months ago
I have hosted my own server for 10 years and want to move to shared hosting or a VPS. My main concern is having all of my order history on a server that admins of the host will have access to. Is there a way to protect my company financial and customer data? Should I be worried about this?
If you're worried about it, encrypt it. If you're really worried about it then don't put it on a third party server.
Always strive to be better than yourself.
If you store it on a third party server and need to view it from that server, e.g. from a web app, remember that you would need to decrypt it there, so all necessary info to decrypt it will be there anyway and this will only be a minor fly in the ointment to any intruder. Consider encrypting the info using a user's SSL fingerprint hash as a salt or such, so that even if a hacker gains access to the database the info within is useless without also having a specific SSL certificate file which you can distribute to a subset of trusted employees (e.g. accountants and director) - would this be of use?
Um, SSL certs are installed on the server end so they're "available" to everyone, technically. However, you should definitely implement some sort of user authentication/authorization scheme. If you can't afford to utilize physical RSA tokens you could set up a random code that gets generated every day and then made available to the appropriate managers, who can then dole them out as needed via paper or somesuch, so a user would need their own personal login credential as well as this code to log in. That should make it relatively secure. But yes, force ALL interactions with this server to be done over SSL. I just didn't go into this kind of explanation in my first post because you mentioned already having had a server but are wondering about hosting it on a 3rd party server, so you *should* already have something like this in place.
Always strive to be better than yourself.
I was referring to client certs; these should not be available to everyone. I have a personal client cert installed in Firefox and I have designed several of our office web based systems to authenticate me via it rather than a password, being much more secure and convenient.
Eh, unless the cert info is sent over an SSL connection I wouldn't be too sure about its security.
Always strive to be better than yourself.
Well, you wouldn't give the certs to people via the internet. The best way to do this would be to meet in person, giving them a CD or USB stick or such with the certificate file on it.

Failing that, you can have them generate their own certs, have them tell you just the fingerprint ID of their generated cert (over Skype or such), then use a combination of all the fingerprints as the encryption key of your data.

Of course this means that if an employee leaves you have to revoke their cert and then re-encrypt all the company data either without their key, or with a new key of the new starter.

Maybe that's going a bit overboard though... :rolleyes: after all, they must install that certificate into their web browser, and if their PC is infected with a trojan the certificate files may be taken, and maybe the password could be brute-forced from the certificate, so in the end it would all count for squat.
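An added example in Go (not code from any poster in this thread) of the scheme described in this post: one AES-256 key derived from the set of staff certificate fingerprints, used to encrypt a record with AES-GCM. The derivation (SHA-256 over a label plus the sorted fingerprints) and the sample fingerprints are assumptions; the point it shows is that removing one fingerprint changes the key, so after a revocation every record has to be re-encrypted, exactly as the post notes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"sort"
	"strings"
)

// DeriveKey hashes the sorted staff fingerprints into one AES-256 key (assumed construction, not a standard).
func DeriveKey(fingerprints []string) []byte {
	fps := append([]string(nil), fingerprints...) // copy so the caller's slice is not reordered
	sort.Strings(fps)                             // the key must not depend on collection order
	sum := sha256.Sum256([]byte("company-data-key-v1|" + strings.Join(fps, ",")))
	return sum[:]
}
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-GCM; the random nonce is prepended to the output blob.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt; GCM's tag check fails under any other key, e.g. the one derived after a revocation.
func Decrypt(key, blob []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
func main() {} // entry point unused; the functions above are meant to be called from the web app's code
```

Note that a certificate fingerprint is a hash of a public certificate, so a key derived only from fingerprints is no more secret than the certificates themselves. Wrapping one random data key separately for each staff member is the usual way to make a revocation cost one re-wrap instead of a re-encryption of every record.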

My SSL comment was more about a man-in-the-middle attack where someone is sniffing packet data. They could easily intercept the cert verification info and be able to "be you."
Always strive to be better than yourself.
Surely they cannot intercept the certificate validation; to do so would be a flaw in the SSL protocol so vast that it would make all SSL authentication by client certificate completely useless.
I am referring to the proper Diffie-Hellman style key exchange that is at the lowest level of the SSL protocol; client and server certificates are exchanged in the same way and validated in the same way. Therefore if they were able to man-in-the-middle your client cert they could do the same to the server cert, making it completely pointless :-)

Here is a page documenting what I mean and why it is as secure as you'll get, and avoids all issues of writing risky encryption and authentication yourself: http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500
Thanks for the discussion guys, I need to explain some more: my customer data on my server is name, email, address, order amount, products bought, etc. What I don't want is anyone other than myself having access to this data; I am mainly concerned with the financial data (the total sales history of my products). The issue I have is that customers can request their registration code or change their email in my system, so I can't remove the data that is old, or encrypt it, because it would need to be encrypted/decrypted with each database query, wouldn't it, if that is even possible? Even so, the encryption keys would need to be on the server, and if they have access to the server they have access to the keys.

One idea I had is to simply remove all of the dates and price information from my database on the server, and keep a database with the dates locally, then do a sync every month or so removing the older dates on the server. This wouldn't remove all of my historical sales data but would remove two important factors, timing and pricing.

I'm not really _that_ worried about it, but would like to protect it if possible.
