• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Security for a digital sales server-hardware firewall?

Joined
Oct 6, 2007
Messages
5,154 (1.37/day)
Likes
1,219
Location
Nelson B.C. Canada
System Name Blacknet
Processor E5-1650 Xeon @ 4.7Ghz
Motherboard Asus P9X79 Pro
Cooling Noctua NH-D14/7case fans
Memory 32gb Gskill 1866 Cas9
Video Card(s) Asus Strix GTX970 OC
Storage 2x Toshiba 3TB, Seagate 2TB, 2x EVO 850 250GB
Display(s) 27" Asus VS278Q 1ms
Case Antec 1200
Audio Device(s) Soundblaster Z + AKG Q701 Studio Monitors
Power Supply XFX XTR 750 Gold
Mouse Corsair Vengeance M95
Keyboard Cheap Azio
Software Kubuntu 17.10, Win7 x64 SP1 Ultimate
Benchmark Scores Average....
#1
I'm looking for industrial strength hardware protection for a server that will have digital downloads. If software methods could be employed, I'd be interested as well, but I'm sure I need hardware protection. The method of sales are being dealt with by other parties, my job is to recommend security for this T3 server, which is based on the east coast of the states, and I'm mainly responsible for running. I need to make a recommendation to the owner as soon as possible. I've looked at many hardware firewall solutions, the best of course being much too expensive. This has to be something easy to employ, as I'm a continent away, and can't be there to install it. The owner at this time does not have a lot of funds for this. Any ideas for this anyone? Go easy on me, I'm more hardware tech than IS guy, so some of this is a bit new, but I have to learn it....
 
Joined
Mar 31, 2007
Messages
1,895 (0.48/day)
Likes
162
Location
ontario canada
System Name home brew
Processor Intel Corei7 3770K OC @ 4.5Ghz
Motherboard ASUS P8Z77-V
Cooling Corsair H100
Memory 16GB DDR3 1600 GSKILL
Video Card(s) Powercolor Radeon 7970, MSI Radeon 7970
Storage Mushkin Chronos Deluxe 240gb. 2 TB Hdd.
Display(s) 3x24inch Dell Ultra IPS
Case CM storm trooper
Power Supply Antec Quattro OC ed. 1200w
Software Windows 7 Business x64
Benchmark Scores vantage: P43089
#2
You're doing sales, you need someone with knowledge to install it and configure it, you honestly cant get a good solution that a newbie can install.

The server itself needs to be hardened. If its running IIS or apache, make sure to follow guides for hardening those solutions, there are also several for windows server 2003/2008 and variants of Linux on how to harden them. You'll want to configure software firewalls properly, allow as little as you need to for the server to run. Install some anti virus, whether Linux or Windows. Linux has clam AV, for windows go with something commercial.

For a firewall, really depends what kind of traffic you're to expect. The Cisco ASA's for example can handle a lot of traffic in the higher models, like ISP amounts. So you could look at one of the lower models maybe, see if they're in price range. If not, DLink sells commercial firewalls for a reasonable price. As does Barracuda.

If this is a web server, you may want to place it in a DMZ on the firewall. But if it just interfaces with one, put it behind the firewall and your web server on the DMZ, and just allow communications between the two that are needed.
 
Joined
Aug 24, 2007
Messages
443 (0.12/day)
Likes
128
Location
BY-S36
System Name Bitch / Dogma
Processor 955 BE @ 3.8Gig / 9850 @stock
Video Card(s) 8800 GTX 512 / 4890
Storage 8 x Samsung F2 1.5TB, 8 x Seagate 500s
Display(s) Acer 24 / Dell 24
Case Lian li / Akasa
Software Win server 2008 / Win 7
#3
Have a look at Juniper for a firewall solution. They tend to be just as good as Cisco, a good bit cheaper and mostly managed and configured via a GUI.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,158 (3.43/day)
Likes
18,108
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#4
are you looking for protection against intrusion? DOS? or simply to protect the downloads from unauthorized download ? how are you distributing the files? http? ftp?
do you need to protect a whole network or just a single machine?
 
Last edited:
Joined
Oct 6, 2007
Messages
5,154 (1.37/day)
Likes
1,219
Location
Nelson B.C. Canada
System Name Blacknet
Processor E5-1650 Xeon @ 4.7Ghz
Motherboard Asus P9X79 Pro
Cooling Noctua NH-D14/7case fans
Memory 32gb Gskill 1866 Cas9
Video Card(s) Asus Strix GTX970 OC
Storage 2x Toshiba 3TB, Seagate 2TB, 2x EVO 850 250GB
Display(s) 27" Asus VS278Q 1ms
Case Antec 1200
Audio Device(s) Soundblaster Z + AKG Q701 Studio Monitors
Power Supply XFX XTR 750 Gold
Mouse Corsair Vengeance M95
Keyboard Cheap Azio
Software Kubuntu 17.10, Win7 x64 SP1 Ultimate
Benchmark Scores Average....
#5
Ug, I think I need to talk to the team more about this. Probably http download link with ssl enabled verisign link or similar. There's even talk about linking through GoDaddy. I don't know much about this yet, so I don't know what to recommend yet. I believe the server itself is on linux, and on some kind of secure rack, possibly with a linux firewall in front of it. It may get shifted to the windows server I manage however, and that worries me. I think intrusion is the least of my worries, but still a concern, I'm worried more about secure transactions of the product. I would only need to protect a single server for this. This may be a bit above our heads yet, but they insist on going ahead. So, any tips, yes please!
 
Joined
Mar 31, 2007
Messages
1,895 (0.48/day)
Likes
162
Location
ontario canada
System Name home brew
Processor Intel Corei7 3770K OC @ 4.5Ghz
Motherboard ASUS P8Z77-V
Cooling Corsair H100
Memory 16GB DDR3 1600 GSKILL
Video Card(s) Powercolor Radeon 7970, MSI Radeon 7970
Storage Mushkin Chronos Deluxe 240gb. 2 TB Hdd.
Display(s) 3x24inch Dell Ultra IPS
Case CM storm trooper
Power Supply Antec Quattro OC ed. 1200w
Software Windows 7 Business x64
Benchmark Scores vantage: P43089
#6
If it is indeed a webserver, IIS is actually more secure than apache. There's little configuration needed out of the box with it. And since it is used less than Apache, it is attacked less.
If you're worried about transactions across the web, ssl enabled verisign is a good way to go.
 

Easy Rhino

Linux Advocate
Joined
Nov 13, 2006
Messages
14,414 (3.53/day)
Likes
4,275
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 |Corsair mForce nvme 250G
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Posiden Z RGB Cherry MX Brown
Software Centos 7 | Windows 10
#7
secure transactions, aye? a lot of it depends on what billing company (if any) your organization goes through. a lot of times going with a third party billing company saves money and is more secure. transactions are done over SSL and on THEIR servers. you simply provide a link or some sort of form to make the transaction. i don't know of any specific software as these will be web based purchases i am guessing. after purchase, you can allow http or ftp downloads. personally, ftp is the way to go. every purchase should generate a unique ID and KEY that can be used to authorize the download. if you are worried about somebody being able to intrude on your network and download data without authorization make sure you have strict security settings. have at least 1 firewall in front of the host server. are you guys co-locating your servers? that would be the best bet if security is an issue. they tend to handle all of that and provide their clients with a best practice guide so you can understand how they operate and ways to keep all of your downloads secure.