WebmastTroy
07-09-2002, 02:02 AM
I'm looking for your thoughts and opinions on this. Note: By reading this, you agree that you are not holding anyone that posts responsible for what they say or suggest. By posting, you will not be held responsible for any outcomes that occur from the use of your information.
I think the best way to do this is to provide 2 scenarios: 1) a very large budget and 2) a minimal budget. What security measures and features would you put up to make sure that your clients' information and CC numbers are stored on your servers in the MOST SECURE way? What SSL cert would you get? What O/S would you use? What software would/wouldn't you have installed? What type of database would you store it in? What kind of server setup would you use if there was more than 1 server involved?
Please post your answers to the above 2 scenarios. I've seen posts where people say that security measures need to be put in place but they never really suggest what to do. If you had to store the information on servers for software use, how would you do it?
Thanks.
The Prohacker
07-09-2002, 02:12 AM
For the cheap, I'd have the CC's encrypted on the server via PGP or GPG... Then emailed to my private email box..
The unencrypted email would be stored on a computer that's not even hooked up to the web, and all CC processing would be done by hand via SSL...
All SSL certs are about the same, it's the same kinda encryption... Hell, a self-signed works just fine....
And expensive solution... Hmmm....
A secured colocated box, running FreeBSD, with an encrypted partition for the credit cards... I would then have another secure box that would take the information from the user...
The two secure boxes would have a small network between them, the box with the CC's would not have a direct internet connection...
I haven't had to set up a system like that before, but that's about what I'd do... And of course, I'm half asleep right now so I'm prolly missing something...
WebmastTroy
07-09-2002, 02:33 AM
Your suggestion is a lot like what I was thinking.
Server 'A' would serve the entire web site and would have an SSL cert installed. 'A' would take the information over the SSL connection and encrypt it. 'A' would connect to MySQL on an internal network server, that doesn't have a real IP (Server B), as an encrypted field. 'B' would then store the data until it was needed for use by 'A'.
I don't know the best software and O/S to use for this, that's kind of why I wanted to post....to find out what you feel is the best O/S to use for a secure "solution". It makes me feel better that the design that I thought of is someone else's, also.
How much more secure could that setup above be? Of course, you could get into security guards around the server, but we'll just consider that the datacenter it's at has things like that in place (armed guards, key entry, cameras, etc.)
Anyone else?
DavidU
07-09-2002, 02:47 AM
The most secure OS is the one you are most comfortable with.
Be it GNU/Linux, *BSD, WinNT or whatever...
I personally wouldn't ever use WinNT based on track record but then there's people like the hired guns at rackmy.com who can make a WinNT machine cry for mercy.
On that same token, a GNU/Linux box can be just as insecure or error prone as a WinNT box especially with the recent Apache vulnerabilities.
Bottom line, use your tools, don't try the "most secure" just use what you know is secure.
...or hire a trusted admin (and get them fingerprinted, seriously)
-davidu
dynamicnet
07-09-2002, 10:22 AM
Greetings:
If high budget...
Network Infrastructure:
Switches vs. hubs
Servers have dedicated ethernet connection
Server connections only to core router
Server Infrastructure:
Hardened Operating System
Enterprise version of server software
Security Infrastructure:
Managed firewall
Managed Intrusion Detection System (IDS)
No telnet
Only necessary services and ports
Cannot ssh directly into root
Client server database
Data is encrypted
Other:
Any highly sensitive data like CC information should not be stored on a server for any long period of time.
Any computer on a network can be hacked given time and resources.
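Added example, not part of any post in this thread: a small Python audit for three items on the checklist above (no telnet, only necessary services and ports, no direct root ssh). The sshd_config text, the `ss -ltnH` style listing and the ALLOWED_PORTS policy are constructed sample inputs and assumptions, not taken from the thread.

```python
# Constructed sample inputs; ALLOWED_PORTS is an assumed policy for this example.
SSHD_CONFIG = """\
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
"""
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
"""
ALLOWED_PORTS = {22, 443}

def effective_sshd_options(text):
    """Global options as sshd reads them: the first value per keyword wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if fields[0].lower() == "match":  # conditional blocks are not evaluated here
            break
        opts.setdefault(fields[0].lower(), fields[1].strip() if len(fields) > 1 else "")
    return opts

def exposed_ports(ss_text):
    """Ports with at least one non-loopback listener, from `ss -ltnH` style lines."""
    ports = set()
    for cols in (l.split() for l in ss_text.splitlines()):
        if len(cols) >= 4 and cols[0] == "LISTEN":
            addr, port = cols[3].rsplit(":", 1)
            if addr not in ("127.0.0.1", "[::1]"):  # loopback-only is not exposed
                ports.add(int(port))
    return ports

def audit(sshd_text, ss_text, allowed=ALLOWED_PORTS):
    findings = []
    root = effective_sshd_options(sshd_text).get("permitrootlogin")
    if root is None:
        findings.append("sshd: PermitRootLogin not set; result depends on the version default")
    elif root.lower() != "no":
        findings.append(f"sshd: PermitRootLogin is '{root}', expected 'no'")
    for port in sorted(exposed_ports(ss_text) - set(allowed)):
        what = "telnet is listening" if port == 23 else "unexpected listener"
        findings.append(f"net: {what} on {port}/tcp")
    return findings
```

In the sample, the commented-out `PermitRootLogin no` and the later uncommented `no` both look reassuring, but the effective value is the earlier `yes`.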