Security Focused Methodology: Remote Server Management
Posted: Thu Feb 12, 2004 5:00 pm
Okay, so here is the deal.
The idea is to have customers install software on their server. However, I want the management of said software done from a central location, basically their control panel hosted on my servers. So basically, my server would remotely connect to the customer's server, tell them what commands to run, and the server would run those commands.
Obviously, there is a potential for security problems should someone "spoof" my server. Obviously, the software will check IP, etc.
However, I want to assume the user can spoof that IP, and can fool the software into thinking it's my server where the user is managing their software from. Assume that.
Also, while my server is located under HTTPS, the remote server isn't. I have no control over this. Obviously, if it has SSL, that's great, but I can't assume that.
So here is the idea behind this whole thing.
My server = SERVER
Application installed on the customer's server = APP
Client = USER
Command SERVER sends to APP to run = COMMAND
USER logs into SERVER.
USER wants to perform COMMAND.
SERVER records the COMMAND in the database on SERVER.
SERVER then sends COMMAND to APP.
APP receives command.
APP connects to SERVER.
APP verifies COMMAND with SERVER.
SERVER verifies COMMAND FOR APP by checking various things (IP, Timing, making sure someone is actually logged into SERVER, the database to make sure the request was made, and hasn't been performed).
SERVER denies or approves COMMAND.
APP receives response from SERVER.
If the COMMAND was denied, APP denies COMMAND.
APP returns to SERVER a warning message.
If the COMMAND was approved, APP performs COMMAND.
APP returns data to SERVER.
Fin.
Does this set of transactions seem reasonably secure? Do you need any more information regarding this?
I want the administration done on my server end for various good reasons, so I am hoping that either this method will work, or you can present another method.
Note: Assume I can easily set up hashing/encryption between the two without a problem, so all transactions will be encrypted during a session. A session would be when a customer logs into my server to perform the commands. When the user logs out, the session would end (or it would time out after a period of time).
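The SERVER/APP exchange described in the post, modelled as an added example (constructed here, not the poster's code). It assumes a shared secret provisioned out of band, a 60-second validity window per COMMAND, and an injected clock `now` so the steps can be replayed deterministically; the callback to SERVER is what refuses unrecorded, replayed, expired, or session-less commands, and the tag is what a spoofed SERVER cannot forge.

```python
import hashlib, hmac, secrets
# Constructed model of the post's protocol; the secret, TTL and clock are assumptions.
SHARED_SECRET = b"example-shared-secret"   # assumed to be provisioned out of band
TTL_SECONDS = 60                            # assumed validity window for a COMMAND

def tag_for(cid, command):
    # MAC binding a command id to its text: a spoofed SERVER cannot produce this.
    return hmac.new(SHARED_SECRET, f"{cid}|{command}".encode(), hashlib.sha256).hexdigest()

class Server:
    """SERVER: records every COMMAND before sending it and answers APP's verify call."""
    def __init__(self):
        self.ledger = {}       # command id -> session, command, issued time, performed flag
        self.sessions = set()  # USER sessions currently logged in

    def login(self, session):
        self.sessions.add(session)

    def logout(self, session):
        self.sessions.discard(session)

    def issue(self, session, command, now):
        cid = secrets.token_hex(8)  # random id so a forger cannot guess a recorded one
        self.ledger[cid] = {"session": session, "command": command, "issued": now, "performed": False}
        return {"id": cid, "command": command, "tag": tag_for(cid, command)}

    def verify(self, cid, command, now):
        # The checks the post lists: recorded, USER still logged in, fresh, not yet performed.
        entry = self.ledger.get(cid)
        if entry is None or entry["command"] != command:
            return False, "not recorded"
        if entry["session"] not in self.sessions:
            return False, "no active session"
        if now - entry["issued"] > TTL_SECONDS:
            return False, "expired"
        if entry["performed"]:
            return False, "already performed"
        entry["performed"] = True  # mark before running so a replay is refused
        return True, "approved"

class App:
    """APP: checks the tag, then verifies the COMMAND with SERVER before running it."""
    def __init__(self, server, runner):
        self.server, self.runner = server, runner

    def handle(self, msg, now):
        if not hmac.compare_digest(tag_for(msg["id"], msg["command"]), msg["tag"]):
            return "denied: bad tag"
        ok, reason = self.server.verify(msg["id"], msg["command"], now)
        return "ok: " + self.runner(msg["command"]) if ok else "denied: " + reason
```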