MiniVend Akopia Services


Re: minivend security model



******    message to minivend-users from Joe Hourcle <oneiros@dcr.net>     ******



On Thu, 17 Dec 1998, Mark Stosberg wrote:

> ******    message to minivend-users from Mark Stosberg <mark@summersault.com>     ******
> 
>  That's very useful. To be explicit about what I was referring to: We
> would like to have a secure machine on which normal users can't even get
> shell access, or perhaps FTP. Perhaps this is overly paranoid,
> especially since we'll be storing data in a database on yet another
> machine, that is itself secure (because no one but administrators can
> get to it, and only from trusted machines on a secure network).
>  If no sensitive data is stored unencrypted on the minivend machine, it
> seems safe to give users access to it. (which seems to be MiniVend's model)
>   We're assuming the worst: that opening up FTP and Shell access to
> users significantly increases the chance of someone gaining root access,
> and then can browse unencrypted sensitive data at will.
>   Thoughts?


To keep security holes to a minimum, you want your secure server to run as
few services as possible.  In this case, we must have HTTPS (of course),
and to keep minivend happy, we also need it having HTTP. (and minivend,
it's technically a service)

As for FTP/Telnet, I wouldn't even turn them on for the machine.
Use SSH, instead of telnet, and limit it to only the machines that need
access to it.  Naturally, only the system administrators should be the
ONLY ones with accounts on the machine.  The machine should not do SMTP,
POP, IMAP, etc. It should be _solely_ a web server.

Instead of using FTP to move files, you should use SCP.

(This would be, of course, in an ideal environment.  Realistically, there's
a good chance that your server might need to do something else, if you're
in a small shop.  We're not using https for minivend, as we're not taking
credit card info.  The one reason we have https doesn't justify a whole
new machine for it; however, almost all of the traffic going to it from
the outside office is filtered, and there aren't too many services that
are on the machine.)

-----
Joe Hourcle
Digital Crescent, Inc.
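
An added example, not part of the original message: a small audit that checks a host's listening TCP sockets against the service policy described above (HTTP, HTTPS and SSH only; no FTP, telnet, SMTP, POP or IMAP). The sample input is constructed in the format of `ss -tln`, and the names `ALLOWED`, `FORBIDDEN`, `parse_listeners` and `audit` are assumptions of this example.

```python
# Policy from the message: solely a web server, plus SSH for administrators.
ALLOWED = {22: "ssh", 80: "http", 443: "https"}
# Services the message says the machine should not run (well-known ports).
FORBIDDEN = {21: "ftp", 23: "telnet", 25: "smtp", 110: "pop3", 143: "imap"}

# Constructed sample in the format of `ss -tln` (not taken from a real host).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    [::]:143           [::]:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
"""

def parse_listeners(text):
    """Return (address, port) for every LISTEN line; header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 addresses like [::] stay intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr.strip("[]"), int(port)))
    return listeners

def audit(text):
    """Return (port, service, exposed) for each listener outside the policy.

    exposed is False when the socket is bound to loopback only: the service
    is still running, but it is not reachable from the network.
    """
    findings = []
    for addr, port in parse_listeners(text):
        if port in ALLOWED:
            continue
        exposed = addr not in ("127.0.0.1", "::1")
        findings.append((port, FORBIDDEN.get(port, "unlisted"), exposed))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, exposed in audit(SAMPLE):
        where = "network-reachable" if exposed else "loopback only"
        print(f"port {port} ({service}): not in policy, {where}")
```

The listener list cannot show whether SSH is limited to the machines that need it; that restriction lives in the firewall or SSH daemon configuration and has to be checked there.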
