
Could someone please provide me with some guidance for a system I am designing...

A general overview of the system is that it is to store information on staff and "customers" - this information must be completely secure as it is highly sensitive! Staff must be able to access this information remotely - with functionality to view, add, edit and delete records, and upload/download files.

So the three models I have thought of for this system are:

  • Remotely log in to the server (I have seen an existing system doing this - would it be for security reasons? And I assume it would still be running a client application on the server to allow multiple users?)

  • A Client application that runs on the users machine, establishes a TCP connection (would OpenSSH or a similar wrapper provide the level of security this system NEEDS?)

  • Building the system into the website - the browser effectively being the client (this is my favoured solution, however is it the best?)

Have I missed a better solution?

I understand all of these solutions could probably be built to be extremely secure, however I do not have extensive knowledge of this area (but I am willing to learn).

Gilles 'SO- stop being evil'
Sam

1 Answer


Let's look at them in turn.

Remote Access. Secure enough if you do it properly, usually not considered because it is the most expensive option and it really has no advantages over other options if you aren't doing anything fancy.

Native client with secure networking built in. Secure enough if you do it properly, but it requires you to write security code, and you don't know what you are doing, so a bad idea.

Web client. Secure enough if you do it properly, but it requires you to write security code, and you don't know what you are doing, so a bad idea.

Establish VPN link and run an insecure client. This is one you left out. Secure enough if you do it properly, not terribly expensive, only slightly less convenient for users, sounds like a winner!

Note that although I have dismissed options 2 and 3, I have only done so based on the threat model you describe in your question, which may well be wrong - for example you are assuming the bad guys are all outside the network perimeter.

Graham Hill
  • Great reply, appreciated! However, I have gone with building a native client, and have spent a good amount of time researching security! I will also be using WCF (which is a big help). I have posted a question describing the security architecture I am thinking to adopt, so if you get the chance I would appreciate your input - http://security.stackexchange.com/questions/40666/wcf-is-this-a-good-security-architecture – Sam Aug 15 '13 at 10:24