Fire Wall

  • CGFX
  • Graduate
  • Graduate
  • User avatar
  • Posts: 161
  • Loc: Chicago, IL.

Post 3+ Months Ago

:o Hi all,
I have a new client, that wants a tight Firewall on a site I am building for them, which is a online tax prep service. I need to know, is it my job as the designer/developer, or is the Firewall the duty of my hosting company?

Thanks
CGFX
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6376
  • Loc: twitter.com/unflux

Post 3+ Months Ago

firewall's are the responsibility of the hosting company. Your job as a
designer is to protect the info on the site with an SSL and encryption
certificate. ;)
  • CGFX
  • Graduate
  • Graduate
  • User avatar
  • Posts: 161
  • Loc: Chicago, IL.

Post 3+ Months Ago

Cool, thanks! You are always right there with the quick reply. By the way, should I expect my hosting company to charge extra for this clients "Tax Prep" site with the Firewalls and Tax Forms database needed? Or should it be the same price as any other site, or does it varie by Host company to Host company?

Thanks Again
CGFX
Happy Holiday All
  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6376
  • Loc: twitter.com/unflux

Post 3+ Months Ago

it will depend on what the hosting package you purhased offers. If your
database is required mySQL and your host doesn't support it, or charges
extra, obviously you need to consider that. Most hosting companies
do not charge you extra just to host the type of site you need. I would
just double-check the host's features to be sure before doing any work
on it.
  • CGFX
  • Graduate
  • Graduate
  • User avatar
  • Posts: 161
  • Loc: Chicago, IL.

Post 3+ Months Ago

Thanks,
I talked to my Hosting companies tech rep. He only knew for sure their system supported PHP, but anything else he was not sure. He told me about some new database from MSN/Microsoft that was suppose to be supported on any format. But it is costly as hell, and may require taking yet another class to keep up.
But thanks again,
cgfX
  • thecodman
  • Graduate
  • Graduate
  • User avatar
  • Posts: 171
  • Loc: CT, USA

Post 3+ Months Ago

Like UNFLUX said check with the host before starting anything on it. The last thing you want is to get it all setup and then come to find out that the host doesn't provide a secure firewall for the type of highly private information that your script will be working with.
  • benoitb
  • Graduate
  • Graduate
  • User avatar
  • Posts: 114
  • Loc: Washington, DC

Post 3+ Months Ago

CGFX wrote:
Thanks,
I talked to my Hosting companies tech rep. He only knew for sure their system supported PHP, but anything else he was not sure. He told me about some new database from MSN/Microsoft that was suppose to be supported on any format. But it is costly as hell, and may require taking yet another class to keep up.
But thanks again,
cgfX


that does not sound good at all.
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Any good professional hosting company will have setup a firewall already.

If they haven't, then security obviously isn't a top concern. And if they're using some MSN/Micro$oft database, what platform are they hosting the site on?

PERSONALLY, I wouldn't run any live site on a Windows machine - especially not one where data (and data protection) is this important.
  • thecodman
  • Graduate
  • Graduate
  • User avatar
  • Posts: 171
  • Loc: CT, USA

Post 3+ Months Ago

Axe is right. If you're running a professional site where data is a top concern its really not a great idea to run it on a windows machine, as i think we all know windows isn't the most stable operating system. I reccomend that for what your doing you get a good private server at a host thats been in business for 2+ years and has unix machines.
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

Lest we forget many more things if you are virtually hosted, that are even more important; sandboxing, jails, ACL sets for virtual users and services. Remember, if you virtually host -- more than one client per machine -- just being on a box that is not itself protected is dangerous. The weakest link will compromise the box. So if someone else installs a script which permits nefarious activity and compromises the box, they own everyone on that box, (cluster).

Co-locating is of course a better, albeit more expensive option. If your data requires that much security -- and there are rules governing financial data -- then it becomes a more appropriate option.

More often than not I have found places which slap firewalls in place to check off that standard requirement on a marketing fact sheet, are worse that no firewalls at all. It makes people complacent, and therefore reduces security since no security policy was drafted, and subsequently, no acl's generated.

I guess the short of it is, define your policies and requirements and then go after a host that meets or exceeds those requirements. Pay attention to scalability, and do some risk mitigation for performance.

Cheers.
  • CGFX
  • Graduate
  • Graduate
  • User avatar
  • Posts: 161
  • Loc: Chicago, IL.

Post 3+ Months Ago

Thanks everyone, I have taken my notes. I believe this will help next year. Because today is the end of tax filing. And I believe this client wanted to run his service only up to the 15th. of April. Plue they were BS'ing around with the downpayment. I ask you all this, what do you do when you set up a clients templates, story boards, have everything in place to get the ball rolling, and they "Ain't Got No Money?" They were dreaming of having a web site...one day...when they get their bills paid down!
*LOL*

Post Information

  • Total Posts in this topic: 11 posts
  • Users browsing this forum: No registered users and 17 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.