Firewall Wizards mailing list archives

securing DB access from the DMZ


From: wasabi_pea () hushmail com
Date: Wed, 20 Feb 2002 13:47:47 -0800



We have a Cisco PIX 520.  One interface is a DMZ that contains a Windows NT 4.0 server running IIS 4.0.  This webserver 
also runs an Internet banking software package called Q-Up from the S1 Corporation.  This application has had a 
somewhat spotty security history.  S1 outsources the Q-Up system, and their hosted banks were compromised at the end of 
last year with an IIS exploit, and I have other concerns about the design of the Q-Up product.  But I'm stuck with it, 
at least for the present.

The webserver has two network interfaces.  One has a public IP that carries web traffic to and from the Internet.  The 
other has a private address and carries database requests to and from the core banking database over a single TCP/IP 
port (as far as I know).  The second NIC plugs into our core switch behind the firewall, to which our database server 
is also directly connected.  The connection from the webserver to the switch makes me nervous.

Here's the obligatory ASCII diagram of the portion of the network in question.  I hope it displays correctly.

          {Internet}
               |
               |
        [Cisco router]
               |
               |
        [Cisco PIX 520]---DMZ---[IIS 4 Webserver]
               |                  (Second NIC)
               |                       |
     [Cisco Catalyst 6509]-------------+
               |
               |
               +---------------[DB Server]

The former administrator wasn't concerned with the second NIC, and claimed that it was impossible for traffic to route 
from one NIC to the other.  I'm not sure I feel comfortable trusting that assumption to protect the database server 
from intrusion.  However, the former administrator liked the solution so much he carried it out on all the servers in 
the DMZ, so that they could be administered without going into the server room.

I'm considering alternative designs and solutions.  I think I'd like to cut the secondary connection to the switch and 
bring the database traffic back through the firewall to the inside network.  I'm also considering a second firewall to 
create a more secure zone for the database server and other important assets, like the Human Resources server.  That 
way I can further secure access to them from both external and internal users.

Any other solutions or insights?  I'm particularly interested in hearing from others who have experience securing the 
Q-Up product and its database communications.

Thanks for reading so far, and for any advice you can provide.

wasabi_pea

P.S. I don't mind hearing marketing-type responses from those providing products as long as they give some concrete 
answers on how their product helps the situation.  So please, no responses like, "Well, just buy our expensive gizmo 
and all your problems will disappear."  :)



