Solved

VPN Security Lock Down, Data Transfer Security

Posted on 2004-09-03
2
256 Views
Last Modified: 2013-12-04
Good Morning Gentlemen,
I have a client who needs to transfer SENSITVE data e.g. Customer data, telephone numbers, Credit Card numbers etc from there side to my side and back again.

On my side I have a SQL 2000 Database running on WIN 2K Server behind a FIREWALL on the clients side they are using an web based Access Database/Application. There will be HTTP requests going back and forth, What security features can I implement from source to destination to lock down/secure the data transfer.... I am thinking of using a VPN can I use an encrypted VPN for the data transfer? Any Suggestions please….on what I can put in place on my side and the clients side to really lock down and secure the transfer process. Are there any SQL 2000, WIN2k Security Features I can activate?

Jaspn Burke
0
Comment
Question by:JaspnBurke
2 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 175 total points
ID: 11983248
Since you are using a web based application, SSL might be the easiest to implement.  Just get a certificate (either self-generated or commercial like Verisign) and install it on the server.  Then force the client to use an HTTPS link instead of HTTP.  Keep in mind though, that this will require that you make your web server public - which may be not in your best interest if it's strictly an intranet application.

A VPN is a good idea if you don't want to make your server public.  There are a couple ways to implement a VPN, each with it's own advantages and disavantages.  

> A site-to-site tunnel is good if you want to keep the connection between you and the client machine secure and permanent.  
> A simple client - server VPN is good if your firewall supports it... Windows XP can handle and log into most firewall VPNs without use of an expensive client side software.

In addition to the method, the VPN security strength can also be tailored for your needs through the use of different transport protocols - TLS, EAP, PPTP, L2TP/IPSec, etc...

There isn't much you can do to lock down the server besides installing the latest security patches for both SQL and Win2K.  Your firewall should handle the bulk of the security on the server side.  Just make sure that when you do implement any client - server relationship that the client itself (and the user) is protected... VPNs are useless if the client is untrusted.
0
 

Author Comment

by:JaspnBurke
ID: 11985727
Thank You LimeSMJ,
I am going down the VPN route it seems to be the safest option.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Every business owner understands the significance of online customer reviews and the impact it can have on sales and revenues. With technology advancing at such a rapid pace, getting online reviews has never been easier, especially when many regions…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question