No I dont have an admin or a security people here. In fact the programming group is very small, and we are somewhat under pressure because the client have shortened the time of delivery (the boss have sayed, yes we can short the time of delivery and they have taked his word :S...).
Yes, I need encryption, in fact I will use tea because is very simple to implement for the data being communicated, also I was thinking perhaps in OpenSSL or OpenSSH, but I guess will be enough with tea, also for secure a little a SQlite database... people here before have used Oracle... I guess for the server-side part will be OK, but for client side (not much power there) will be enough with SQlite+tea for data.
It will have access from the web, and via a LAN.
The people have asked about "how secure your applications are??" (they like the functionality... but they also whant security in the system), they have asked about DOS attacks, if the data is encrypted, how many traffic it can handle (ok... this is not about secure but integral), how secure are your apps to a direct attack to the service that is if a person/programm get physically to the server how secure is the app.
In fact Im migrating to Linux (at the end will be Red Hat, for develop Im using Fedora+Kubuntu) and implementing a new "module" in the app, but before the people here hasn't taked into account the security of the app components... in fact the boss dosent like that I will like make a complete reengineering of the whole app and not only migration/extension/patching
(I dont like how is coded actually).