Secure access to Web-Application Server

Imran Ahmad
Level 2

Hello Experts,

We want to put a Web-Application Server inside our DMZ connected to a Cisco ASA. I want to know how I can secure/encrypt the traffic transiting my firewall that gets to my Web-Application Server.

Please advise

Waheed

12 Replies

gaowen
Level 1

This question doesn't make a whole lot of sense. You want to encrypt HTTP traffic after it arrives from the internet on toward your web server? I can't think of a single use case where that would add any value, although you could use a site to site VPN to another security device in the DMZ which would achieve this.

Hi Gaowen,

I want to clarify a little more. We have a core database server located in our Datacenter. Our database developer team has built a Web-Application-Server (that is not a web server) which is put in our DMZ. This web-app server will be accessible from outside; public users will log in to this web-app server through the web to access their accounts, which exist in the Core-database server located in our Datacenter. That means this web-app server will have a connection to the core database server.

I want to encrypt only the username and password which public users type when they try to log in to their account through the web. How do I do that?

Can anyone give any idea?

Hi Imran,

"I want to encrypt only the username and password which public users type when they try to log in to their account through the web"

For this you may need to look for an available third-party solution, but also keep in mind that it makes your troubleshooting hard when a user types the wrong user ID (encrypted), etc. However, to add additional security to your webserver (and the traffic exchanged between user PC <-> server), a few suggestions are below.

A few suggestions (assuming you only have a traditional ASA):

1. Allow only 'https' (with higher TLS) connections to the DMZ server from the Internet

2. Implement two-factor authentication (passcode + RSA token code) to log on to the webserver.

3. Strong certificate

4. If you know the public IPs from where users initiate connections - allow those IPs only.

hth

MS

Hi mvsheik,

You suggested 4 options to me. Options 1 and 4 are configurable on the ASA, but options 2 & 3 do not belong to the ASA; I need to implement them on the webserver, right? For example, I need to install a signed certificate on my webserver? The ASA is not involved and does not need any certificate itself, because the ASA is not doing this authentication process. Am I right?

That is correct, Imran.

Thx

MS
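
Options 1 and 4 from the list above, sketched as ASA configuration; this is an added example, not a configuration posted by anyone in the thread. It assumes ASA 8.3 or later syntax, and the interface names (`outside`, `dmz`), object names and addresses (documentation ranges) are constructed. The TLS version and certificate are set on the server itself, since the ASA only passes TCP/443 here.

```cisco
! Added example. All names and addresses below are constructed placeholders.
! Assumes interfaces already carry "nameif outside" and "nameif dmz".

! The web-application server in the DMZ, published with a static NAT.
object network WEBAPP-DMZ
 host 192.0.2.10
 nat (dmz,outside) static 203.0.113.10

! Option 4: source addresses users are known to connect from.
! If the sources are not known, use "any" in the permit line instead.
object-group network KNOWN-CLIENTS
 network-object 198.51.100.0 255.255.255.0

! Option 1: only HTTPS reaches the DMZ server from the Internet.
! On 8.3+ the ACL references the server's real (pre-NAT) address.
access-list OUTSIDE-IN extended permit tcp object-group KNOWN-CLIENTS object WEBAPP-DMZ eq https

! Log everything else so rejected attempts (HTTP, other ports) are visible.
access-list OUTSIDE-IN extended deny ip any any log

access-group OUTSIDE-IN in interface outside
```

`show access-list OUTSIDE-IN` displays per-entry hit counts, which confirms that only the HTTPS entry is matching legitimate traffic.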

Thank you mvsheik for your support

Any idea, anyone else, please?

Can anyone else give me an idea?

Can anyone give an idea, please?

.

Hello,

I still can't figure out what you're trying to achieve here:

"Our database developer team has built a Web-Application-Server (that is not a web server) which is put in our DMZ. This web-app server will be accessible from outside; public users will log in to this web-app server through the web"

Is it a web server or not?

If you are trying to use the network to encrypt just the username and password, you are going to need to do something very bespoke. I'd recommend just using a remote access solution from the internet into your DMZ then once the VPN is established then users will be able to submit their credentials to the web server, which won't be in the DMZ, it'll be in a more secure zone.

Gareth
