Firewall Wizards mailing list archives
Re: Web server inside the firewall
From: Arian Hormozi <arianh () webtrends com>
Date: Wed, 02 Dec 1998 15:13:06 -0800
It never ceases to amaze me how many times network admins get pressured to compromise the security of the network because someone else thinks "it's too time consuming/complicated" to do something. If I were you I'd go on a tirade filled with all sorts of buzzwords and doom and gloom about the horrible security risks and how you could end up as an IBM commercial or something. Fear is always a great motivator for !clue people to leave you be. :) -Arian At 07:17 PM 12/1/98 -0500, you wrote:
"Kevin Tyrrell" writes:I have been getting pressure lately to have a web server moved from the DMZ to behind the firewall. The reasoning is this will make it easier to access databases on our internal network.[...]What do people feel about this type of configuration. Pros and Cons?I'm always stunned by such "reasoning". The most dangerous machine on your network is your web server. It is probably the easiest machine on the network to break in to -- bugs in CGI and similar stuff are discovered at a breathtaking rate. If the function of the firewall is to protect you from the outside, then bringing the web server inside will eliminate the point of the firewall entirely. Oh, and by the way: deciding to "fix" this by putting the machine on the outside of the network and then giving it full access to your database (say, via SQL over the net) is equally silly, since the bad guys will then have all the sorts of access the web server has as soon as they break in (which they will one day). Perry
Current thread:
- Web server inside the firewall Kevin Tyrrell (Dec 01)
- Re: Web server inside the firewall Perry E. Metzger (Dec 02)
- Re: Web server inside the firewall Arian Hormozi (Dec 03)
- Re: Web server inside the firewall Steve George (Dec 02)
- Re: Web server inside the firewall Bennett Todd (Dec 03)
- <Possible follow-ups>
- Re: Web server inside the firewall Bob Acosta (Dec 02)
- RE: Web server inside the firewall Shivdasani, Meenoo (Dec 03)
- Re: Web server inside the firewall James Conley (Dec 03)
- RE: Web server inside the firewall Readwin, Neil (Dec 04)
- RE: Web server inside the firewall Safier, Adam (GEIS) (Dec 04)
- RE: Web server inside the firewall tyrrell (Dec 07)
- Re: Web server inside the firewall Bennett Todd (Dec 08)
- RE: Web server inside the firewall tyrrell (Dec 07)
- Re: Web server inside the firewall Perry E. Metzger (Dec 02)