Hi,
Just to preface, I am not a web host or even a particularly techy person, but I will be engaging the services of a system admin and want to have an idea about what I want, not least so that I can be sure that he/she is capable.
I am looking to host a site that will contain sensitive information including intellectual property that if seen by anyone before protection is granted would, in many jurisdictions, render the item unprotectable.
I am looking for paranoid level protection for this and some other reasons.
I would like to ask a system admin that I hire freelance to be able to do something like the following.
Create an extra layer of security to the main web server. I want to have a sort of reverse proxy that will take requests to the website https://www.example.com and then get that from the 'real' server.
What I would want this to accomplish is the following:
First, the location of the 'real' server would be undetectable from the client's position.
Second, it would add an extra layer for hackers to deal with.
Third, the session would be over SSL. Would the proxy machine need to decrypt this SSL, read it, then re-encrypt it to send to the 'real' server, or would it pass through unencrypted?
Fourth, I would love if the setup could do the following: I would like to keep all the files on the 'real' server encrypted, then when they are being served to the client the proxy could decrypt them, then send them over the SSL to the client. Does that make sense? For example, if anyone got access to the main server, all the php, jpgs etc. would be encrypted and unreadable. The proxy would have the decryption key to send it to the client unencrypted but over an encrypted channel.
Thanks for all the help.
There are a number of other issues that I will be looking for help on, particularly about establishing paranoid level security. And I will be looking for a freelancer to implement this when we get going in a couple of months, so if anyone is interested and wants to tender, please do.