BitCoin Biz Startup with Security Questions...

[BTCPRO1980]

Hello, all!

Been lurking for awhile and finally made an account :p

So, I'm in the early stages of starting a gambling related site that will exclusively use BTC. Yeah, I know I'm not the first one with this idea. And all legal issues aside, my questions revolve around wallet security when hosting such a site.

I assume that it would be safest to not have the wallet hosted on the site, but I am unclear how I would do automated cash-in/cash-outs otherwise. I have a pretty good understanding of PHP and other "web technologies", but with BTC, I have no experience other than as a user.

I've found a VPS provider that accepts BTC and they, I believe, offer Windows Server 2008 (i need win for my existing apps). So, in addition to wallet safety in a setup like this, I also wanted to know if anyone had basic Win08 server suggestions. I'm not very familiar with it. Does a server like that need anti-virus as well? Or because I am not surfing the web from it is it unnecessary?

Any insights would be greatly appreciated. And if this is ignored, I won't hold it against y'all!

Thanks!

[Arto]

Good security will necessitate a sufficient budget and sufficient technical expertise.

For instance, the first thing that came to mind reading your description is that it might be a rather better idea to run your Windows apps on a backend (that is, not directly customer-facing) Windows server, and have your web-facing frontend server be a proper Unix box that can be secured to a greater degree.

That way, you could beef up the frontend server (using best practices for Linux, FreeBSD, or OpenBSD security) sufficiently to help you sleep soundly at night, isolating the critical data onto the backend server one hop further back from the great unwashed masses banging at your firewall, with tightly defined and controlled communication protocols in-between the two servers.

Even if all your frontend server does is just proxy (using Varnish, Squid, or similar software) through to a web server process running on the backend server, this would already make you a less likely target for random acts of hacking as it would be less obvious that you are operating an Internet-facing Windows box.