Firewall Wizards mailing list archives
Re: Authenticated VS Anonymous in a secure Zone
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 14 May 2004 15:54:43 -0400 (EDT)
On Fri, 14 May 2004, Roger Barbeau wrote:
Hi! A design question for all of you. Let's say that we have two web servers in our DMZ. Traffic to the web server 1 is authenticated by the firewall and the credential is relayed to the web server 1. Traffic to the web server 2 is anonymous. What is the security concern about having authenticated traffic and anonymous traffic going to the same zone?
Any exploitable condition in Web Server 2 means that Web Server 1 can be attacked from there. In an ideal design, things which require the same level of security are separated from things which require different levels of security. Generally, in Web "Extranet" designs, this is done by putting an additional interface on the firewall, and creating a new "zone" for the more sensitive thing. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Authenticated VS Anonymous in a secure Zone Roger Barbeau (May 14)
- Re: Authenticated VS Anonymous in a secure Zone Paul D. Robertson (May 14)
- <Possible follow-ups>
- RE: Authenticated VS Anonymous in a secure Zone Roger Barbeau (May 17)