Re: network architecture related to db security - needed

["Kevin Wetzel - ISP Toolz" <kevin () isptoolz com>]

It depends on what you are trying to do. You can tunnel traffic, encapsulate 
traffic, VPN traffic, etc. There are usually more than 1 way to secure 
things. Firewalls are not the only method used.

You can firewall the 2 systems making the connection and use things like 
hosts.allow, hosts.deny and achieve nearly the same goal.

Kevin Wetzel
ISP Toolz
http://www.isptoolz.com/

----- Original Message ----- 
From: "avishver" <yram () netvision net il>
To: "'Saqib Ali'" <docbook.xml () gmail com>
Cc: <security-basics () securityfocus com>
Sent: Friday, December 09, 2005 1:22 PM
Subject: RE: network architecture related to db security - needed


> No firewall between the application and the db?
> I am not a big fan of that, but some security guys swear that it
>  is an absolute need.
>
> -----Original Message-----
> From: Saqib Ali [mailto:docbook.xml () gmail com]
> Sent: Friday, December 09, 2005 7:41 PM
> To: avishver
> Cc: security-basics () securityfocus com
> Subject: Re: network architecture related to db security - needed
>
> actually you can place the reverse proxy in the DMZ. and same thing
> for citrix solution as well.
>
> >   Do you mean a network topology like:
> >
> >   internet --> firewall --> reverse proxy --> application --> db
>
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
> "If you stop telling lies about me, I will stop telling the truth about 
> you"