Hi all, I appeal to you to see if you can give me some advice. I need to secure communications between my front-end and back-end servers.

First, my infrastructure:

Internet ---> Public OpenBSD CARP'ed firewalls ---> FreeBSD front-end web servers (https) ---> Internal OpenBSD CARP'ed firewalls ---> CentOS back-end servers (http, Tomcat and Oracle 11g database).

Between these back-end and front-end servers, the average packet rate is 1000 pkt/sec. And as you can imagine, traffic between these back-end and front-end servers goes in the clear. I'm planning to deploy OpenBSD-based servers between these back-end/front-end servers using these technologies, both or only one:

a) Establishing SSL tunnels.
b) Establishing IPsec tunnels host to host.

I could establish the tunnels using these servers directly, but I prefer to avoid the processing and/or performance impact that would occur.

And another thing: I need to secure comms between the back-end servers as well. The Oracle database hosts are installed on different hosts than the Tomcat application servers, for example.

Is my approach correct? Any other better solution? Is this approach stupid?

Thanks.

P.S.: I can use cryptographic cards if I need them.
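The following is an added example, not part of the original post and not the poster's configuration: an ipsec.conf(5) fragment for one of the two OpenBSD gateways the poster plans to place between the front-end and back-end segments, so that the web-to-Tomcat HTTP traffic crosses the link inside a tunnel-mode ESP security association negotiated with isakmpd(8). All addresses, network ranges and the pre-shared key are constructed placeholders (RFC 5737 documentation ranges); the real values would come from the poster's own network.

```conf
# /etc/ipsec.conf on the front-end-side OpenBSD IPsec gateway (added example).
# Addresses below are constructed placeholders, not the poster's real values.

# Outer (gateway) addresses: this gateway and its peer on the back-end side.
local_gw  = "192.0.2.1"
remote_gw = "198.51.100.1"

# Inner networks protected by each gateway.
frontend_net = "10.10.1.0/24"   # FreeBSD web servers
backend_net  = "10.10.2.0/24"   # CentOS Tomcat / Oracle hosts

# One IKEv1 rule: tunnel-mode ESP between the two gateways, carrying all
# traffic between the two inner networks. AES-256 + HMAC-SHA-256 for both
# phases, DH group modp2048 for phase 1 and for PFS in quick mode.
ike esp tunnel from $frontend_net to $backend_net \
        local $local_gw peer $remote_gw \
        main  auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 group modp2048 \
        psk "REPLACE-WITH-A-LONG-RANDOM-PRESHARED-KEY"
```

The mirror rule on the back-end-side gateway swaps `local`/`peer` and the `from`/`to` networks. On OpenBSD the rules are loaded with `ipsecctl -f /etc/ipsec.conf` (set `isakmpd_flags="-K"` and `ipsec=YES` in rc.conf.local so this happens at boot), and the firewall rules between the two gateways must pass ESP plus UDP 500 (and UDP 4500 if NAT-T is involved); `ipsecctl -sa` shows the flows and SAs once phase 2 completes. Two caveats a practitioner would want to keep in mind: the segments between each gateway and its own servers (including the Tomcat-to-Oracle SQL*Net traffic the poster mentions) remain in cleartext with this design, since only the inter-gateway hop is protected, and a pre-shared key is the simplest way to get a working tunnel but X.509 or RSA authentication (the `rsa` keyword instead of `psk`) is the better choice once more than two peers are involved.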