with web clients. A single server, if appropriately configured and network
enabled, can support multiple trust models under the S-HTTP architecture
and serve multiple client types. In addition to serving a flexible user
base, it can also address multiple data classifications on a single server,
where some data types require higher-level encryption or protection than
other data types on the same server and varying trust models could
therefore be utilized.
The S-HTTP model provides flexibility in its secure transaction
architecture, but it focuses on HTTP transactions, whereas SSL mandates the
trust model of a public/private key security model, which can be used to
address multiple IP services. The S-HTTP model, however, is limited to only
HTTP communications.
INTERNET, INTRANET, AND WORLD WIDE WEB SECURITY ARCHITECTURES
Implementing a secure server architecture, where appropriate, should
also take into consideration the existing enterprise network security
architecture and incorporate the secure server as part of this overall
architecture. In order to discuss this level of integration, we will make an
assumption that the secure web server is to provide secure data
dissemination for external (outside the enterprise) distribution and/or
access. A discussion of such a network security architecture would not be
complete without addressing the placement of the Web server in relation to
the enterprise firewall (the firewall being the dividing line between the
protected internal enterprise environment and the external “public”
environment).
Setting the stage for this discussion calls for some identification of the
requirements, so the following list outlines some sample requirements for
this architectural discussion on integrating a secure HTTP server with an
enterprise firewall.
• Remote client is on public network accessing sensitive company data.
• Remote client is required to authenticate prior to receiving data.
• Remote client only accesses data via HTTP.
• Data is only updated periodically.
• Host site maintains firewall.
• Sensitive company data must be encrypted on public networks.
• Company support personnel can load HTTP server from inside the enterprise.
Based on these high-level requirements, an architecture could be set up
that would place an S-HTTP server external to the firewall, with one-way
communications from inside the enterprise “to” the external server to
perform routine administration and periodic data updates. Remote users would
access the S-HTTP server utilizing specified S-HTTP secure transaction