No SSL inside firewall

Former Member
0 Kudos

We have a network as follows:

Internet --- apache ---firewall --- webdispatcher -- EP-- (ECC, BI, ...etc.)

1) We configure SSL in such a way that all certificates (inbound) will be terminated at the webdispatcher.

And inside the firewall there is no longer any SSL measure or any other similarly secured links.

Is this design safe enough?

2) Will the outbound info use the same SSL from the webdispatcher above?

Thanks a lot!

1 ACCEPTED SOLUTION

martin_voros
Active Contributor
0 Kudos

Hi,

1) Depends on your requirements. For example, PCI DSS requires that a credit card number is always encrypted during transmission. Your setup is not enough to comply with PCI DSS, but it might be OK for your environment.

2) I am not sure what you mean by this question, but if you are asking about outbound SSL connections from your system, then they are not related to the web dispatcher.

Cheers

4 REPLIES 4

0 Kudos

Thanks for your help.

1) Could you direct me to some blogs about PCI DSS configuration in SAP systems?

2) If an outbound message does not go through the webdispatcher, what route does it take?

Thanks again!

0 Kudos

PCI DSS stands for Payment Card Industry Data Security Standard. They have a website where you can find all requirements, but it's a bit more complicated. There are some books as well. You can find some articles here on SDN about PCI DSS, but they usually address just encryption of credit card details. I am not sure if PCI DSS is relevant for your environment.

Web dispatcher is just a reverse proxy. So the client connects to the web dispatcher and the web dispatcher connects to the back-end system on behalf of the user. The outbound connections don't go through the web dispatcher. They connect directly to the target system.

Cheers

0 Kudos

If you use tokenization and the webdispatcher is a part of the same (hardened) security zone as the SAP server systems, then you should be fine to terminate SSL at the dispatcher.

You should plan this in advance, as retrofitting is expensive (in performance and hardware terms).

Cheers,

Julius