[thelist] Firewalls vs. Web Databases

Ron_Senykoff at BEAEROSPACE.COM
Thu Sep 20 13:38:01 CDT 2001


<snip>
The best for security is definitely everything behind the firewall
</snip>

I disagree.  It is definitely better... but in this case I would suggest 2
firewalls.  One for the DMZ and one protecting the internal network.  If
everything is behind one firewall, then you have to leave ports open.
Leaving ports open on the firewall leaves ways for an attacker to come in.
We currently run 2 webservers, one inside the firewall and one outside (in
the DMZ).  We have one-way replication set up so that the internal server
pushes changes to external.  Even if an attacker got into the external box
and screwed it up, we still have our data and can rebuild with minimal
effort.
Having a server 'internal' with port 80 open... then a hacker attacks it on
port 80.  The way applications are becoming more and more 'web-enabled' the
more things are left open by port 80.  I've seen many companies that have
an intranet that is accessible from outside -- via port 80.  They think
"because it's behind a firewall it's safe," yet they left the door open.  I
was poking around with a few Notes vulnerabilities and found that I was
looking at HR information, internal job postings, help-desk applications...

Ron Senykoff
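
The designs compared in the message above, modeled as zone-to-zone allow rules and audited for any path from the Internet into the internal network. This is an added example, not part of the original post; the zone names, rule lists and the replication port are constructed for illustration, and the "pull" variant is included to show why the direction of replication matters.

```python
from collections import namedtuple

# An "allow" rule: hosts in zone `src` may open connections to zone `dst` on `port`.
Rule = namedtuple("Rule", "src dst port")

# One firewall, web server on the internal network, port 80 opened to it.
SINGLE_FIREWALL = [Rule("internet", "internal", 80)]

# Two firewalls: the outer one exposes only the DMZ web server; the inner one
# lets only the internal server push replication out to the DMZ box.
DUAL_FIREWALL_PUSH = [
    Rule("internet", "dmz", 80),
    Rule("internal", "dmz", 8443),   # hypothetical replication port
]

# Same layout, but the DMZ box pulls from the internal server instead.
DUAL_FIREWALL_PULL = [
    Rule("internet", "dmz", 80),
    Rule("dmz", "internal", 8443),   # hypothetical replication port
]

def reachable(rules, start):
    """Zones that can be connected into from `start`, pivoting through
    every zone reached along the way."""
    seen, stack = set(), [start]
    while stack:
        zone = stack.pop()
        for rule in rules:
            if rule.src == zone and rule.dst not in seen:
                seen.add(rule.dst)
                stack.append(rule.dst)
    return seen

def audit(rules, protected="internal", untrusted="internet"):
    """Return findings for rules that open the protected zone to connections."""
    findings = [
        f"inbound allow into {protected}: {r.src} -> {r.dst}:{r.port}"
        for r in rules if r.dst == protected and r.src != protected
    ]
    if protected in reachable(rules, untrusted):
        findings.append(f"{protected} reachable from {untrusted}")
    return findings

if __name__ == "__main__":
    for name, rules in [("single", SINGLE_FIREWALL),
                        ("dual/push", DUAL_FIREWALL_PUSH),
                        ("dual/pull", DUAL_FIREWALL_PULL)]:
        print(name, audit(rules) or "no path into internal")
```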





