Firewall Wizards mailing list archives

Re: Authenticated VS Anonymous in a secure Zone


From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 14 May 2004 15:54:43 -0400 (EDT)

On Fri, 14 May 2004, Roger Barbeau wrote:

> Hi!
>
> A design question for all of you.
>
> Let's say that we have two web servers in our DMZ.
> Traffic to the web server 1 is authenticated by the firewall and the
> credential is relayed to the web server 1.
> Traffic to the web server 2 is anonymous.
>
> What is the security concern about having authenticated traffic and
> anonymous traffic going to the same zone?

Any exploitable condition in Web Server 2 means that Web Server 1 can be
attacked from there.  In an ideal design, things which require the same
level of security are separated from things which require different levels
of security.  Generally, in Web "Extranet" designs, this is done by
putting an additional interface on the firewall, and creating a new "zone"
for the more sensitive thing.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
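
The zoning point made in the reply above, as an added example that is not part of the original message: a small Python model that flags zones mixing access levels and lists which hosts a compromised server can reach without an allow rule on the firewall. Host names, zone names and the rule set are constructed for illustration.

```python
# Added illustration; host names, zone names and rules are constructed.
from collections import namedtuple

# access is "authenticated" or "anonymous"
Host = namedtuple("Host", "name zone access")


def mixed_trust_zones(hosts):
    """Return the zones that contain hosts with different access levels."""
    levels = {}
    for h in hosts:
        levels.setdefault(h.zone, set()).add(h.access)
    return sorted(zone for zone, seen in levels.items() if len(seen) > 1)


def reachable_after_compromise(foothold, hosts, allowed_zone_pairs):
    """Hosts an intruder on `foothold` can talk to directly.

    Hosts in the same zone share a segment, so the firewall never sees
    traffic between them. Crossing zones needs an explicit allow rule,
    given as (source_zone, destination_zone) pairs.
    """
    src = next(h for h in hosts if h.name == foothold)
    reachable = set()
    for h in hosts:
        if h.name == foothold:
            continue
        if h.zone == src.zone or (src.zone, h.zone) in allowed_zone_pairs:
            reachable.add(h.name)
    return reachable


# Layout from the question: both web servers in one DMZ.
FLAT = [Host("web1", "dmz", "authenticated"),
        Host("web2", "dmz", "anonymous")]
# Layout from the reply: extra firewall interface and a new zone for web1.
SPLIT = [Host("web1", "dmz_auth", "authenticated"),
         Host("web2", "dmz", "anonymous")]
RULES = set()  # no dmz -> dmz_auth rule is defined

if __name__ == "__main__":
    for label, layout in (("flat", FLAT), ("split", SPLIT)):
        print(label,
              "mixed zones:", mixed_trust_zones(layout),
              "reachable from web2:",
              sorted(reachable_after_compromise("web2", layout, RULES)))
```

Passing an allow rule such as `("dmz", "dmz_auth")` puts web1 back in the reachable set, which is why the inter-zone rules need the same review as the zone layout.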

