
Secure communication between two servers

I want to securely store my users' private keys on a separate server (let's call it B) that is used to sign and decrypt information. B stores the keys in a database (Postgres). Server A (public) sends information to B. Ideally B gets the private key, signs the token with the information and sends it back to A, instead of sending the private key to A, which can be a security issue (if server A is compromised).

My options are:

  1. web sockets
  2. HTTPS request ( https://nodejs.org/api/https.html#https_https_request_options_callback )

Questions:

  1. Are there any other options to securely communicate between two servers?
  2. If server B was on port "7000", how can I make sure only server A can access it?
  3. How does an HSM server help in my case, and how does it communicate with other servers (websocket or HTTPS request)?

I could just take the easy route and connect to the database of server B on port "7000" and run queries from A, but as I said it's not as secure. I heard that an HSM handles/decrypts information and sends it back, so I thought I could do something similar with normal servers.

Thanks, any help would be appreciated.


UPDATE

@zaph has answered questions 2 and 3.

Question: Does server A need to do an HTTPS request and include the private IP address of server B, for example https://203.0.113.25 ? Then server B would use an API router to handle the request. However, an IP isn't a DNS name, therefore it won't work due to certificates. So how do servers communicate and send/receive data?

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario3.html

For others: Use security groups, configure them so only a specific instance can access it. Make a normal request, e.g. domain.com:PORT . PORT is the port the instance is listening on for requests...

When you specify a security group as the source or destination for a rule, the rule affects all instances associated with the security group. Incoming traffic is allowed based on the private IP addresses of the instances that are associated with the source security group (and not the public IP or Elastic IP addresses).

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
