Security Basics mailing list archives
Re: How to secure a webserver in a DMZ
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Fri, 5 May 2006 10:05:30 -0700
If I understand your question correctly. Your webserver is in the in the DMZ, which is accessing the DB that is residing in a main firewalled intranet. This scenario is certianly possible, but will be vulnerable. If your webserver gets comprised, your DB is open as well. I would recommend instead of placing the web server in DMZ, place a reverse HTTP proxy in the DMZ, that talks to the HTTP server that reside inside your main firewall. This way if your reverse proxy server gets compromised, there will much much less chances of the webserver/DB being compromised. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 -----------
Current thread:
- How to secure a webserver in a DMZ Dennis Breithaupt (May 05)
- Re: How to secure a webserver in a DMZ Saqib Ali (May 08)
- Re: How to secure a webserver in a DMZ Dennis Breithaupt (May 08)
- Re: How to secure a webserver in a DMZ Saqib Ali (May 08)
- Re: How to secure a webserver in a DMZ Dennis Breithaupt (May 08)
- RE: How to secure a webserver in a DMZ Burton Strauss (May 08)
- Re: How to secure a webserver in a DMZ Saqib Ali (May 08)