Databases Reference
In-Depth Information
Mirrored data on
Netscape's
Commerce Server
Internal
authenticated
& encrypted
mirrored data
Secure in-bound
proxy access
Internal
authenticated
& encrypted
secure proxy
Exhibit 54-6. Externally placed server.
modes, and be required to identify themselves to the server prior to being
granted access to secure data residing on the server. Exhibit 6 depicts this ar-
chitecture at a high level. This architecture would support a secure HTTP dis-
tribution of sensitive company data, but doesn't provide absolute protection
due to the placement of the S-HTTP server entirely external to the protected
enterprise. There are some schools of thought that since this server is unpro-
tected by the company-controlled firewall, the S-HTTP server itself is vulner-
able, thus risking the very control mechanism itself and the data residing on
it. The opposing view on this is that the risk to the overall enterprise is min-
imized, as only this server is placed at risk and its own protection is the
S-HTTP process itself. This process has been a leading method to secure the
data, without placing the rest of the enterprise at risk, by placing the S-HTTP
server logically and physically outside the enterprise security firewall.
A slightly different architecture has been advertised that would posi-
tion the S-HTTP server inside the protected domain, as Exhibit 7 indi-
cates. The philosophy behind this architecture is that the controls of the
firewall (and inherent audits) are strong enough to control the authorized
access to the S-HTTP server, and also thwart any attacks against the serv-
er itself. Additionally, the firewall can control external users so that they
only have S-HTTP access via a logically dedicated path, and only to the
designated S-HTTP server itself, without placing the rest of the internal
enterprise at risk. This architecture relies on the absolute ability of the
firewall and S-HTTP of always performing their designated security func-
tion as defined; otherwise, the enterprise has been opened for attack
through the allowed path from external users to the internal S-HTTP serv-
er. Because these conditions are always required to be true and intact,
Search WWH ::
Custom Search