Security Basics mailing list archives

Re: Server setup file encryption


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Wed, 27 Dec 2006 22:15:21 -0500

I think you are trying to elegantly solve the wrong problem.

Your Requirement: Prevent anyone from accessing the confidential info
except from the web application.

The problem: Preventing people from directly connecting to the
apache/mysql and accessing the confidential info using an alternate
route.

If you just look at the problem statement, you need a way to prevent
direct access to the servers hosting the apache and mysql. This can be
done using a reverse proxy or a graphical firewall.

1) Reverse Proxy: In this scenario you have reverse proxy server in
DMZ, that processes all the requests to the web application. Your
apache + mysql + web application will reside inside the firewall, and
the only connection to the application is using the reverse proxy
(i.e. port 80/HTTP). If implemented properly with appropriate
filtering this mechanism will provide enough protection for your
confidential documents.

2) Graphical Firewall: This can be implemented using Citrix. It can be
pricey but maybe the confidentiality requirements of your documents
justify the cost. In this case, all the components (apache, mysql,
webapp, citrix) reside inside the firewall. You only poke one hole in
your firewall for the ICA (Citrix protocol) traffic. Publish "only"
Internet Explorer/Firefox on the Citrix server, and allow only the
loading of your web app in the web browser. This will provide pretty
solid protection for your confidential documents.

Note: One added benefit of solution #2 is that nothing gets downloaded
to the user's computer, so no one can steal it from the client's cache
either.

saqib
http://www.full-disk-encryption.net


On 12/24/06, kreno <kreno () kreno be> wrote:
Hello,
We are trying to find an elegant solution to the following problem:
Our web application needs to access highly sensitive data. Leaving the
data unencrypted is unacceptable. Here is the setup: currently there are
2 boxes (we are not limited in hardware so if your solution involves
more servers this would not be an issue), 1 MySQL database server and 1
Apache webserver (with sensitive data) both running Linux. Note that the
sensitive data currently resides in files, but this could easily be
migrated into a database structure. Now, the problem is to provide some
security on the sensitive data in case the server (database or web) is
compromised.
This could be an answer:

Encrypt all sensitive data on the webserver and store the key in the
database. However, if the webserver is compromised then the MySQL
authentication information is easily found and thus also access to the
database and the keys to the encrypted files. But, our web application
has improved its security because it can only show useful data when
calling the appropriate decrypt routines. Meaning in case of
vulnerabilities which might give access to the files only scrambled data
would appear. Even more, there would only be a trace in the memory of
the decrypted file. There is no need to decrypt and store the file on
the disk.
It seems the returning weak link in all our solutions appears to be the
need of hard coded authentication information on our webserver in order
to connect to our database, which opens the world.
Are there any techniques available to secure our
application/code/server/data?

My apologies if this was sent to the wrong list.

Kind regards,
Thomas.



--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
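One way to implement the "appropriate filtering" of solution #1 on the DMZ proxy, written as an added example in Apache 2.2 syntax (it is not from this thread); the internal address 10.0.1.10 and the /app/ path are placeholder assumptions:

```apache
# Added example: Apache httpd reverse proxy in the DMZ.
# Assumptions: the web application lives on an internal host (10.0.1.10,
# placeholder) behind the firewall and accepts connections only from this
# proxy; the firewall itself permits nothing else from the DMZ inward.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
    ServerName app.example.com

    # Never act as an open forward proxy; only relay the paths configured below.
    ProxyRequests Off
    ProxyPreserveHost On

    # Refuse everything by default...
    <Location />
        Order deny,allow
        Deny from all
    </Location>

    # ...and expose only the application path to the outside world,
    # limited to the request methods the application actually needs.
    <Location /app/>
        Order allow,deny
        Allow from all
        <LimitExcept GET POST>
            Deny from all
        </LimitExcept>
    </Location>

    # Relay only /app/ to the internal server; nothing else is reachable.
    ProxyPass        /app/ http://10.0.1.10/app/
    ProxyPassReverse /app/ http://10.0.1.10/app/
</VirtualHost>
```

The proxy only narrows the route to the application; the internal apache/mysql hosts still need their own packet filter so that they answer to the proxy alone.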