[thelist] Firewalls vs. Web Databases
Mark Nickel
mnickel at new.rr.com
Sat Sep 22 11:52:31 CDT 2001
>
> > The best for security is definitely everything behind the firewall, or
> > at least the firewall being the only connection between the 'net and
> > your private network.
>
> My point is that Joe Cracker would have to a.) get through firewall
> rules b.) get through the webserver before c.) he ever found out even
> what network the DB server is on.
>
In addition to layering your defenses, one should also remember to
stringently audit the web-based applications that would be running behind the
firewall. One can have a locked down network architecture, but forget to
audit that web application which uses a home-grown CGI processor instead of
CGI.pm, in the case of a Perl-based app. Just Don't Do It... Use CGI.pm if
you can. If you can't, do a search for "Ovid" on http://perlmonks.org.
IMHO, it's easy to architect and secure the network but it's easy to become
relaxed and forget to secure your applications...
mjn
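
An added example, not part of the original message: a typical home-grown query-string parser run beside CGI.pm on the same input, to show the kind of parsing differences an application audit should look for. The `homegrown_parse` routine, the sample query string and the role allow-list are constructed for illustration, and `multi_param` assumes CGI.pm 4.08 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;    # not in core since Perl 5.22; install from CPAN if missing

# Constructed sample query string: a repeated key, a ';' separator,
# '+' used for a space, and a percent-encoded '&'.
my $query = 'user=alice&role=guest;role=admin&note=a+b%26c';

# Hypothetical home-grown parser of the kind an audit should flag.
sub homegrown_parse {
    my ($qs) = @_;
    my %form;
    for my $pair (split /&/, $qs) {                  # ';' is not treated as a separator
        my ($k, $v) = split /=/, $pair, 2;
        $v = '' unless defined $v;
        $v =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # '+' is never turned into a space
        $form{$k} = $v;                              # a repeated key overwrites silently
    }
    return \%form;
}

my $hg = homegrown_parse($query);
my $q  = CGI->new($query);                # CGI.pm parses the same string

for my $name (qw(user role note)) {
    my @cgi = $q->multi_param($name);     # every value, in order
    printf "%-5s home-grown=[%s]  CGI.pm=[%s]\n",
        $name, $hg->{$name} // '', join('|', @cgi);
}

# Parsing is only the first step: validate each value against an allow-list.
my %allowed_role = map { $_ => 1 } qw(guest editor);
my @roles = $q->multi_param('role');
if (@roles != 1 or !$allowed_role{ $roles[0] }) {
    print "rejected: role must be exactly one of guest, editor\n";
}
```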