Firewall Wizards mailing list archives
RE: Securing www server w/Oracle back end.
From: "George J. Jahchan, Eng." <Firewall-Wizards () Compucenter org>
Date: Wed, 9 Apr 2003 11:30:21 +0300
I think I have found the solution, it is from a French company called NetSecure and the product is NetSecure Web. My understanding of the scenario is as follows: WWW server gets moved to the private zone close to the db server and a NetSecure internal agent gets installed on it or preferably on another server (requirements are minimal). An external NetSecure agent gets installed on a stand-alone server in DMZ. No holes have to be punched through the firewall from DMZ to private zone. The internal agent polls the external agent for queued requests every second (this is the default and can be changed). The internal agent performs http protocol inspection (customizable) and forwards "sanitized" requests to the real web server which sends its response back through the internal agent to the external agent and from there to the client. SSL decryption could occur in an HSM card installed in the server hosting the internal NetSecure agent. NetSecure internal agent would inspect the content of http requests after they have been decrypted in HSM. Theoretically the setup behaves like an air gap between the client and the web server and is transparent to both. On paper, this looks like a viable solution. Look forward to readers comments. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Securing www server w/Oracle back end. George J. Jahchan, Eng. (Apr 09)
- RE: Securing www server w/Oracle back end. Ben Nagy (Apr 09)
- Re: Securing www server w/Oracle back end. Crispin Cowan (Apr 09)
- RE: Securing www server w/Oracle back end. Ben Nagy (Apr 09)