Firewall Wizards mailing list archives
Re: secure infrastructure question
From: m p <sumirati () yahoo de>
Date: Wed, 23 Apr 2003 02:05:22 +0200 (CEST)
--- "Alan R. Young" <aryoung () veros com> schrieb: > Hello All
I am looking for ideas and references. I want to set up a membership-based web site, where the members can leave their credit card on file with us, and after they use up their account balance, they can renew their membership using the credit card that we have on file. So how do you build a secure web infrastructure that would maximize the safety of the customers' credit cards accounts? What type of firewalls/etc would I need?
Firewalls? What for? You are asking for a complete setup. That is not a question for "what firewall vendor do you advise". Ok, so I will do a part of your work: You have your application running on the outside. There you send a message to a system in a private DMZ which has the accounting database _without_ the credit card numbers. Only the amount of time/money is stored there. And perhaps the last/first 5 digits of the CCN plus the issuer and the experation date. If the customer wants to renew his membership you will only display him those digits and perhaps the issuer and ask him if he wants to reuse that card. The CCNs will _only_ be stored in your heavy secured internal network and while in transit on the outside systems after the customer has entered it and before the inside system has polled them. That is a design and not a firewall question. Marc __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- secure infrastructure question Alan R. Young (Apr 22)
- Re: secure infrastructure question m p (Apr 22)
- <Possible follow-ups>
- RE: secure infrastructure question Ahmed, Balal (Apr 23)
- RE: secure infrastructure question Carl Friedberg (Apr 23)