Part II, System architecture: Firewall and SSL,

 
Greenhorn
Posts: 26
Hi java gurus:
I have several questions that I was confused about regarding firewall and SSL, since I don't have experience on the system architecture. Please correct me if I am wrong.
1. SSL has the mechanism to ensure the communication between the client and web server. Since SSL will authenticate both parties, and deny illegal access, does this imply that using SSL could replace a firewall in securing the network communication? But this could not be true, any thoughts?
2. In a VPN, could it be possible using RMI over IIOP to communicate between client and server by SSL? I guess it is ok, since it is possible tuning the data through HTTP.
3. Since VPN is a secured connection between client and the server, is it overkill to use SSL over a VPN connection?

thanks
/bill
 
Greenhorn
Posts: 11
Let me try to answer (I am no expert either)
1. Firewalls are meant to restrict access to networks or parts of networks while SSL is for secure communications (once the parties can communicate). So they have different purposes in life.
2. Yes it should be
3. VPN is not a secured connection between client and server, only the parts that go from the remote machine (client) to the VPN server (or the tunnel that goes over the internet is secure). The traffic from there to the destination (server) may or may not be encrypted. So if you still want to secure the entire communication you need to use SSL.
cheers
 
bill lubx
Greenhorn
Posts: 26
The idea of using SSL or a firewall or both came up with the design decision of a system within the budget. In other words, how to build a secured system within a limited budget (after the Dow went down to 7700, it is a reasonable consideration).
Say, if SSL could satisfy most security requirements, it would be the first choice; in this case, I could save a few dollars on the hardware and/or software for a firewall.
For a B2B solution, since clients usually carry certificates (in part II, the ticket agents as application clients in a VPN), the server will deny any accesses from an untrusted party. Since a firewall would do the same thing but need to throw more currency from the packet, I would prefer the SSL solution if I have a tight budget.
It might sound silly for this question since firewall is regarding the network security, while SSL is regarding secure communication.
Well, what will happen if a webserver stands out of a DMZ but only allows SSL connections? Could this server survive illegal attacks? And what kind of attack would it be? Considering that the certificates the clients carry would satisfy the security requirement, and assuming the certificates could not be held by a bully party.
cheers
/bill
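
The setup discussed in this thread, a server that accepts only SSL connections from clients holding certificates, can be sketched with JSSE as below. This is an added example, not code from any poster; the keystore file names, the `STORE_PASSWORD` environment variable and port 8443 are assumptions.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;

public class MutualTlsServer {
    // Hypothetical file names, password source and port: assumptions for this sketch.
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("STORE_PASSWORD").toCharArray(); // assumed to be set

        // The server's own certificate and private key.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("server-keystore.p12", pw), pw);

        // Only CAs in this store may vouch for client certificates.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("client-ca-truststore.p12", pw));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client certificate
            server.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            while (true) {
                // accept() returns as soon as the TCP connection is up: any host that can
                // reach the port gets this far, before any certificate has been checked.
                try (SSLSocket client = (SSLSocket) server.accept()) {
                    client.setSoTimeout(5000); // bound how long an unauthenticated peer can hold this thread
                    client.startHandshake();   // certificate verification happens here
                    System.out.println("authenticated: " + client.getSession().getPeerPrincipal());
                    // The application protocol would start here.
                } catch (IOException e) {
                    System.out.println("rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

Certificate checks run only after the TCP connection is accepted, so the listener and its TLS stack stay reachable by every host that can route to the port; restricting which hosts can reach it at all is the separate job the first reply assigns to the firewall.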
 