Firewall Wizards mailing list archives
Re: Cisco ASA firewall: SQLnet inspection: buffer limit
From: Morrow Long <morrow.long () yale edu>
Date: Fri, 16 Jan 2009 07:06:16 -0500
On Jan 15, 2009, at 2:45 PM, Chuck Swiger wrote:
> The typical solution to accessing a database behind a firewall is to set up a VPN connection, and not to disable the firewall. Permitting the entire Internet to access your database means you are trusting Oracle's security. Even if you don't care about the integrity of your data, you'd also put the machine running Oracle itself at risk of compromise as well:
But what about the case where a web server on the DMZ network and interface on a 3 (or more) interface firewall accesses an Oracle database server which is located on a higher security level network protected by a different interface on the same firewall?

The SQL query will also have to go through the firewall to go from the DMZ WWW server to the DB server -- I don't believe most experts would argue that the WWW server should build a VPN connection to the database server on the more secure network. In most cases you do not want the public facing Web server to have unrestricted access to all of the ports on the DB server nor unrestricted access to the network it is on.
Morrow