
Security for a digital sales server-hardware firewall?

johnspack

Here For Good!
Joined
Oct 6, 2007
Messages
5,983 (0.99/day)
Location
Nelson B.C. Canada
I'm looking for industrial strength hardware protection for a server that will have digital downloads. If software methods could be employed, I'd be interested as well, but I'm sure I need hardware protection. The method of sales are being dealt with by other parties, my job is to recommend security for this T3 server, which is based on the east coast of the states, and I'm mainly responsible for running. I need to make a recommendation to the owner as soon as possible. I've looked at many hardware firewall solutions, the best of course being much too expensive. This has to be something easy to employ, as I'm a continent away, and can't be there to install it. The owner at this time does not have a lot of funds for this. Any ideas for this anyone? Go easy on me, I'm more hardware tech than IS guy, so some of this is a bit new, but I have to learn it....
 
Joined
Mar 31, 2007
Messages
1,895 (0.30/day)
Location
ontario canada
You're doing sales, you need someone with knowledge to install it and configure it, you honestly can't get a good solution that a newbie can install.

The server itself needs to be hardened. If it's running IIS or Apache, make sure to follow guides for hardening those solutions, there are also several for Windows Server 2003/2008 and variants of Linux on how to harden them. You'll want to configure software firewalls properly, allow as little as you need to for the server to run. Install some antivirus, whether Linux or Windows. Linux has ClamAV, for Windows go with something commercial.

For a firewall, really depends what kind of traffic you're to expect. The Cisco ASA's for example can handle a lot of traffic in the higher models, like ISP amounts. So you could look at one of the lower models maybe, see if they're in price range. If not, DLink sells commercial firewalls for a reasonable price. As does Barracuda.

If this is a web server, you may want to place it in a DMZ on the firewall. But if it just interfaces with one, put it behind the firewall and your web server on the DMZ, and just allow communications between the two that are needed.
 
Joined
Aug 24, 2007
Messages
443 (0.07/day)
Location
BY-S36
Have a look at Juniper for a firewall solution. They tend to be just as good as Cisco, a good bit cheaper and mostly managed and configured via a GUI.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,046 (3.71/day)
Are you looking for protection against intrusion? DOS? Or simply to protect the downloads from unauthorized download? How are you distributing the files? HTTP? FTP?
Do you need to protect a whole network or just a single machine?
 

johnspack

Here For Good!
Joined
Oct 6, 2007
Messages
5,983 (0.99/day)
Location
Nelson B.C. Canada
Ug, I think I need to talk to the team more about this. Probably http download link with ssl enabled verisign link or similar. There's even talk about linking through GoDaddy. I don't know much about this yet, so I don't know what to recommend yet. I believe the server itself is on linux, and on some kind of secure rack, possibly with a linux firewall in front of it. It may get shifted to the windows server I manage however, and that worries me. I think intrusion is the least of my worries, but still a concern, I'm worried more about secure transactions of the product. I would only need to protect a single server for this. This may be a bit above our heads yet, but they insist on going ahead. So, any tips, yes please!
 
Joined
Mar 31, 2007
Messages
1,895 (0.30/day)
Location
ontario canada
If it is indeed a webserver, IIS is actually more secure than Apache. There's little configuration needed out of the box with it. And since it is used less than Apache, it is attacked less.
If you're worried about transactions across the web, SSL-enabled VeriSign is a good way to go.
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,445 (2.42/day)
Location
Mid-Atlantic
Secure transactions, aye? A lot of it depends on what billing company (if any) your organization goes through. A lot of times going with a third party billing company saves money and is more secure. Transactions are done over SSL and on THEIR servers. You simply provide a link or some sort of form to make the transaction. I don't know of any specific software as these will be web based purchases I am guessing. After purchase, you can allow HTTP or FTP downloads. Personally, FTP is the way to go. Every purchase should generate a unique ID and KEY that can be used to authorize the download. If you are worried about somebody being able to intrude on your network and download data without authorization make sure you have strict security settings. Have at least 1 firewall in front of the host server. Are you guys co-locating your servers? That would be the best bet if security is an issue. They tend to handle all of that and provide their clients with a best practice guide so you can understand how they operate and ways to keep all of your downloads secure.
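One way to implement the per-purchase ID and key suggested in the post above, as an added example that is not part of the original thread: the key is an HMAC over the purchase ID, the file name and an expiry time, so the download server can check a link without trusting anything the client sends. The function names, the 24-hour lifetime, the three-download limit and the in-memory counter are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed secret for the example; a real server loads it from protected config.
SERVER_SECRET = secrets.token_bytes(32)
MAX_DOWNLOADS = 3        # assumed policy: downloads allowed per purchase
DOWNLOAD_COUNTS = {}     # purchase ID -> downloads used (stand-in for a database)


def sign(purchase_id, filename, expires):
    """KEY = HMAC-SHA256 over the fields the link is bound to."""
    msg = "{}\n{}\n{}".format(purchase_id, filename, expires).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_download(filename, ttl_seconds=86400, now=None):
    """Call only after the billing provider has confirmed payment."""
    now = time.time() if now is None else now
    purchase_id = secrets.token_urlsafe(16)      # unique, unguessable ID
    expires = int(now) + ttl_seconds
    DOWNLOAD_COUNTS[purchase_id] = 0
    return {"id": purchase_id, "file": filename, "expires": expires,
            "key": sign(purchase_id, filename, expires)}


def authorize_download(purchase_id, filename, expires, key, now=None):
    """Return True only for an untampered, unexpired, not-yet-exhausted link."""
    now = time.time() if now is None else now
    expected = sign(purchase_id, filename, expires)
    # Compare as bytes in constant time; bytes also accept non-ASCII input.
    if not hmac.compare_digest(expected.encode(), str(key).encode()):
        return False     # wrong key, or ID / file / expiry was altered
    if now > expires:
        return False     # link has expired
    used = DOWNLOAD_COUNTS.get(purchase_id)
    if used is None or used >= MAX_DOWNLOADS:
        return False     # unknown purchase or download limit reached
    DOWNLOAD_COUNTS[purchase_id] = used + 1
    return True
```

The four values returned by `issue_download` would travel as parameters of the download link, which is only as private as the transport, so the link should be served over SSL as discussed earlier in the thread.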
 