
how can we secure our application server and DB server

 
Bilal Ali
Ranch Hand
Posts: 66
Dear All,
We are working on an Online Payment Transactions system, we are developing it in JSP, Struts, beans and servlets, our end database is SYBASE and our server is WebSphere. Our whole product is complete and we are about to launch it. I have two questions:

1- How can we make our server (WebSphere) secure so that the end users using our web application cannot access it? If some hacker kind of user attempts to access our server, what security frameworks and security mechanisms are available for online web servers which we should adopt or integrate in our application to make our server more and more secure? If you know about some industry standard security frameworks or techniques which are being used by banks or financial institutes, then please suggest.

2- The same is the question for our DB server: how can we make it secure so that no end user can access it? What can be the possible security threats for a DB server of web applications, and how can we minimize these threats? Are there any security frameworks or techniques available? Please suggest.

Your prompt response would be highly appreciated.

Regards,
Bilal.
 
Pat Farrell
Rancher
Posts: 4686
I think it's way too late to suddenly decide that security is a requirement. Proper, professional security had to be built in, not slapped on at the end.

It's fairly easy to add some firewall and other ideas so that it's hard to get into your site. But systems protected solely by firewalls are considered "hard on the outside and soft and chewy on the inside" because once the bad guy gets into the system, often there is nothing else to protect your site.
 
Ulf Dittmer
Rancher
Posts: 42972
I think it's way too late to suddenly decide that security is a requirement. Proper, professional security had to be built in, not slapped on at the end.

+1

Considering that the system will handle payments, it's likely that its release will need to be postponed by a significant amount of time whilst security features are added to its architecture, design and implementation.
 
Deepak Lal
Ranch Hand
Posts: 561
Can you let me know which would be the feasible security implementation in this regard?
 
Ulf Dittmer
Rancher
Posts: 42972
That's impossible to say in general without knowing the specifics of the application and the possible threats to it. Reading through the SecurityFaq will give you some appreciation for what's involved in securing a system. (It also has a link to Schneier's book Secrets & Lies that is recommended reading, IMO.)
 