#heartbleed: how to keep the open source but use the Microsoft encryption installation

There are three different thoughts that led me to this post:

* many sites like to use WordPress and a lot of other (nearly) free open-source packages for their content, their forums, their social web and so on, and these run mostly on Apache/Linux (although some packages are now also migrating to a Windows version)

* it is a good policy to separate your content and interactivity sites/servers from your important login webservices (the ones with a financial or administrative impact). The less there is on your login server, the better, because it diminishes the number of injection points. It also makes it possible to make your login server fully SSL-enabled (for example, not only the login to the back-office webservices but also the services and information themselves)

* the only SSL package that isn't affected by the bug, and that has enough resources, backup and security people working on it, is the encryption library from Microsoft.

So if you are a hoster or working on a project, you can do the following:

* keep your open-source content management, social web and all that kind of stuff on Apache/Linux

* place a link to a different Windows server which will have the least possible content, images and so on, and use the encryption package of Windows (this also means that you can more easily block all unwanted traffic to that server (scanning etc.) and that you can analyse its traffic and transactions at a very high level of scrutiny, because all the content and interactivity without financial consequences is happening on the other server)

And if you have a breach on the content server, it will be very difficult for it to have an impact on the Windows server, unless you stupidly put some trust relationship between the two (to make it easier for customers, which is the reason for many mistakes in security infrastructure).
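As an added example (not part of the original post), the following PowerShell script applies the baseline that the separation above implies to the dedicated Windows login server: it relies on the Windows SChannel TLS stack (with the obsolete SSL 2.0/3.0 protocols switched off server-side), binds the IIS site to HTTPS only, and closes the host's firewall to everything except port 443, with an explicit block for the Linux content server so that no trust path exists between the two. The site name "Login Site", the certificate thumbprint placeholder and the content server address 192.0.2.10 are assumptions; it expects Windows Server 2012 or later with IIS and the WebAdministration and NetSecurity modules, run from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post's own script. Assumptions: IIS site 'Login Site'
# (hypothetical), a certificate already installed in the machine 'my' store
# (thumbprint is a placeholder), and a constructed RFC 5737 address for the
# Linux content server.
Import-Module WebAdministration
Import-Module NetSecurity

$SiteName       = 'Login Site'                            # hypothetical site name
$CertThumbprint = 'REPLACE-WITH-CERTIFICATE-THUMBPRINT'   # placeholder
$ContentServer  = '192.0.2.10'                            # constructed address of the content server

# 1. SChannel: the post relies on the Windows TLS stack; disable SSL 2.0/3.0
#    for the server role so the login service only negotiates TLS.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'SSL 2.0', 'SSL 3.0') {
    $key = Join-Path $base "$proto\Server"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Enabled'           -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
}

# 2. IIS: the login site is reachable over HTTPS only. Remove any plain HTTP
#    binding and bind the certificate on 443.
$httpBindings = Get-WebBinding -Name $SiteName -Protocol 'http'
if ($httpBindings) { $httpBindings | Remove-WebBinding }
if (-not (Get-WebBinding -Name $SiteName -Protocol 'https' -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol 'https' -Port 443 -IPAddress '*'
}
$binding = Get-WebBinding -Name $SiteName -Protocol 'https' -Port 443
$binding.AddSslCertificate($CertThumbprint, 'my')

# 3. Firewall: drop all inbound traffic by default and open only 443 to the
#    public. The content server gets an explicit block rule (block rules win
#    over allow rules in Windows Firewall), so a breach there has no network
#    path into the login host: this is the "no trust relationship" point.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
New-NetFirewallRule -DisplayName 'Login service HTTPS' -Direction Inbound `
    -Protocol TCP -LocalPort 443 -Action Allow -Profile Any | Out-Null
New-NetFirewallRule -DisplayName 'Block content server (no trust)' -Direction Inbound `
    -RemoteAddress $ContentServer -Action Block -Profile Any | Out-Null

# 4. Report the resulting bindings and rules so the change can be reviewed.
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation
Get-NetFirewallRule -DisplayName 'Login service HTTPS', 'Block content server (no trust)' |
    Select-Object DisplayName, Enabled, Direction, Action
```

The SChannel registry changes only take effect after a reboot, so verify the negotiated protocol from an external client afterwards; the firewall and binding changes apply immediately. Keeping the allow list to a single port is what makes scanning and other unwanted traffic easy to spot in the login server's logs, as the post argues.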
