Firewall Wizards mailing list archives
RE: DMZ design - Exchange, SQL, & DCOM
From: "Phil Cox" <Phil.Cox () SystemExperts com>
Date: Wed, 9 Feb 2000 21:59:51 -0800
> Here's where you're wrong. If someone can hack the web server, they can hack the SQL server, and in turn access everything on the internal network.
You must be assuming that the Web server and the SQL server have not had any security configurations applied. If you can get at any resource on an internal network, through a properly configured Web server back ending to an SQL server, I would be impressed.
> You don't want a web server accessing your SQL server on the internal net.
I know of many installations using this method, securely. It depends on your deployment, and what level of configuration you have done on the box. I would not summarily dismiss it.
> If you implement all the funky things I've suggested above, worst case, you'd need a firewall with 5 NICs:
> 1 - External
> 2 - Internal
> 3 - DMZ with web server
> 4 - DMZ with mail forwarder
> 5 - DMZ with SQL server (this may not be needed, as noted above)
This looks like a recipe for disaster. Remember the old KISS (Keep it Simple) rule. Complexity and misconfiguration have led to more compromises than true system vulnerabilities.
Phil