Educause Security Discussion mailing list archives

Re: firewall requirements for applications


From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 1 Sep 2010 14:55:22 -0400

Does the application contain somewhere in the code the password to access the database?

Lots of the fat client applications do this, in which case if the bad guys get access to the module, some reverse engineering will give them access to your database server.

Limiting access to the DB will help, but a hop attack (break into a local machine, access from there) may defeat this.

If your application requires some type of strong authentication outside of having access to the module, then you could make the case that you have mitigated the risk. Remember to do your security in layers.

Your access to the ERP is most likely protected by strong (or not so strong) authentication. A hack attempt will have to be done against the server and cannot be done offline. This makes a lot more noise that (hopefully) someone will notice.

It's all about the risk :-)

Good luck.

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Wednesday, September 01, 2010 1:13 PM -0500 "Shalla, Kevin" <kshalla () UIC EDU> wrote:

We have an application that currently is protected by a firewall.  The
application (Windows executable) resides on a file share, and data on a
database server.  Managing the firewall for this application causes quite
a bit of grief.  I recently asked why we needed to keep it behind the
firewall, considering that we've got much more confidential data (our main
ERP), which is available through any web browser and java to any computer
on the Internet.  Is there some valid increased security risk to allowing
access to a Windows executable versus a java application?



