Security related questions

Question

Hi Team,

While doing a live transition of a project, the end user asked me a number of questions. If you can address these questions for us, it would be very helpful. The customer is doing integration between WooCommerce and Dynamics NAV. Here are the list of questions which the customer have asked for.

  1. Do data transactions between Woocommerce – APPSeCONNECT – Nav Server go encrypted?
  2. Do we need to set up ipsec tunnels between your firewall and ours in Woocommerce server and Nav Server?
  3. Do you establish any secure tunnel between APPSeCONNECT and our Nav Server?
  4. Do you establish any secure tunnel between Woocommerce server and APPSeCONNECT?
  5. Could you please send us any documentation you have about these issues?

Please help me to get it answered as the customer is doing live transition very soon.

solved 0
Sayan Chatterjee 1 month 1 Answer 23 views Beginner 0

Answer ( 1 )

  1. Hi Sayan,

    Here are my answers.

    1. Do data transactions between Woocommerce – APPSeCONNECT – Nav Server go encrypted?

    APPSeCONNECT uses SSL and TLS maintained by the server. So if WooCommerce is behind a secure connection, it uses the same and we will ensure that the highest TLS security will be used. For NAV we also use SSL if server has one, it uses Windows Authentication to authenticate requests to the service and database. For better security on NAV, you can use the following document.
    https://docs.microsoft.com/en-us/dynamics-nav/enhancing-microsoft-dynamics-nav-server-security

    BTW, please note our local agent connects to your NAV always, so if you are using On-Premise agent, the Access is performed locally to NAV server and no data is getting transferred to our server. This is a high level conceptual guide for appseconnect to help you understand.
    https://www.appseconnect.com/appseconnect-integration-concept/

    2. Do we need to set up ipsec tunnels between your firewall and ours in Woocommerce server and Nav Server?

    No, as I have mentioned, the Applications are connected locally always, you do not need to have ipsec tunnel to the application. You can only allow the access to your own local ip to access NAV and WooCommerce if required.

    But the Agent does access our server occasionally for updates, so the firewall should allow ports and urls mentioned in the document. The access should be open from the server where the Agent is installed.
    https://community.appseconnect.com/hostnames-and-urls-for-appseconnect/

    3. Do you establish any secure tunnel between APPSeCONNECT and our Nav Server?

    No, as mentioned. The secure tunnel is from the machine where APPSeCONENCT agent is installed to the NAV server, not from our APPSeCONENCT server.

    4. Do you establish any secure tunnel between Woocommerce server and APPSeCONNECT?

    Yes, as mentioned. It will use SSL and TLS level security to connect the APIs as installed your WooCommerce. The access depends on the SSL certificate associated with WooCommerce server. We always connect WooCommerce over http(s).

    5. Could you please send us any documentation you have about these issues?

    You can refer to our Comprehensive security documents to get an idea about how platform connects between apps.
    https://docs.appseconnect.com/security/security/
    https://docs.appseconnect.com/gdpr/GDPR/

    I hope these answers will help.

    Best answer

Leave an answer

Please Log in to answer to this question .