WebApp Sec mailing list archives
Re: DMZ and critical data
From: "Ken Adler - QDSP, CISSP, PMP, CISA" <ken.adler () gmail com>
Date: Sun, 9 Jul 2006 13:58:18 -0700
Note that if this is an application dealing with credit card account numbers, the DB must not be in the DMZ but rather separated from the web server with a fw in between. This is a requirement for the Payment Card Industry Data Security Standard (see www.pcifile.com or visa.com/cisp).

Ken
On 9 Jul 2006 07:52:39 -0000, sarbanha () tkckish co ir <sarbanha () tkckish co ir> wrote:
> Hi Pedro,
>
> I believe VPN is a more suitable solution for this problem; since the VPN seems to be a non-feasible solution to your problem, you should concentrate on security holes of your web server. To be honest, this is very difficult to achieve: the web application should be very strong, and you should be aware of remote code execution vulnerabilities on your web server.
>
> From my point of view, the problem is not accessing the Database itself; the problem is that your web server has remarkable access to your Database.
>
> Let's suppose your web server is highly secured. What I have done in my company is to set up my database on the DMZ network with no default gateway, but of course I did a very strict configuration on my firewall for the database.
>
> Another solution can be NAT: you can put your Database server on the Intranet and do some NATting configuration along with port address translation to allow your web server to gain access to the Database server.
>
> I believe the NAT solution is more secure than the former method...
>
> I'm sure other guys with more experience might have better solutions, so I'd follow this thread to learn more :-)
>
> Very Kind Regards,
>
> Mohammad-Ali
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Securing a web application goes far beyond testing the application using
> manual processes, or by using automated systems and tools. Watchfire's
> "Web Application Security: Automated Scanning or Manual Penetration
> Testing?" whitepaper examines a few vulnerability detection methods -
> specifically comparing and contrasting manual penetration testing with
> automated scanning tools. Download it today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
> --------------------------------------------------------------------------

--
Ken Adler - Visa QDSP, CISSP, PMP, CISA, ITSM
510-290-5806 (cell)
Ken () adler net
Check out pciFile.com and pciFile.ORG !
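The segmentation the two posts above argue over (web server in the DMZ, database on the internal network with the firewall between them, NAT/PAT as the alternative), written out as an added example that is not part of the thread: an iptables-restore ruleset for a three-legged firewall, plus a lint that refuses to load it if anything other than the web-to-DB flow can cross from the DMZ into the internal network. Interface names, addresses and the database port are assumptions chosen for illustration, not values from the posts.

```shell
#!/bin/sh
# Added example, not code from the thread: an iptables-restore ruleset for
# the three-legged firewall design discussed above. Interface names,
# addresses and the database port are assumptions for illustration.
#   eth0 = Internet, eth1 = DMZ (web server), eth2 = internal (database)
WEB=192.0.2.10      # web server in the DMZ (RFC 5737 documentation address)
DB=10.0.0.20        # database on the internal network, never in the DMZ
DB_PORT=5432        # PostgreSQL here; 3306, 1433 or 1521 for other engines
DB_NAT=192.0.2.20   # extra address on the firewall's DMZ leg (NAT variant)

# Filter table: the firewall forwards only the two flows the design needs.
# Everything else is dropped by policy, so even with the DB's default
# gateway removed (as the quoted post does) it is the firewall, not the
# host's routing table, that keeps a compromised web server off the LAN.
filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to the conversations permitted below, in both directions.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet -> DMZ: HTTPS to the web server only.
-A FORWARD -i eth0 -o eth1 -d $WEB -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> internal: only the web server, only to the DB host, only the DB port.
-A FORWARD -i eth1 -o eth2 -s $WEB -d $DB -p tcp --dport $DB_PORT -m conntrack --ctstate NEW -j ACCEPT
# Any other new connection from the DMZ (to the LAN or out to the Internet)
# is logged and dropped: a compromised web server cannot roam or call home.
-A FORWARD -i eth1 -m conntrack --ctstate NEW -j LOG --log-prefix "dmz-egress-drop: "
-A FORWARD -i eth1 -j DROP
COMMIT
EOF
}

# NAT table for the variant where the web server is given a DMZ-side
# address for the database instead of a route into the internal network.
# DNAT happens in PREROUTING, so the filter rules above already match the
# rewritten destination ($DB); no extra accept rule is needed.
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -s $WEB -d $DB_NAT -p tcp --dport $DB_PORT -j DNAT --to-destination $DB:$DB_PORT
COMMIT
EOF
}

# Lint before applying: exactly one accept rule may cross DMZ -> internal,
# and it must be pinned to the web server, the DB host and the DB port.
# Returns 0 if the ruleset satisfies that, 1 otherwise.
check_policy() {
    n=$(filter_rules | grep -c -e '-i eth1 -o eth2 .*-j ACCEPT') || true
    [ "$n" -eq 1 ] &&
        filter_rules | grep -q -e "-i eth1 -o eth2 -s $WEB -d $DB -p tcp --dport $DB_PORT "
}

# Apply atomically on the firewall (needs root); refuses to load a ruleset
# that fails the lint above.
apply_rules() {
    check_policy || { echo "policy check failed, not applying" >&2; return 1; }
    { filter_rules; nat_rules; } | iptables-restore
}
```

Run `apply_rules` on the firewall host itself. The DROP policy on FORWARD is what enforces Ken's point: a hole in the web application yields a shell in the DMZ, and from there the only reachable internal socket is the database port, with every other attempt showing up under the `dmz-egress-drop:` log prefix. With the NAT variant, the web server's connection string points at $DB_NAT rather than at an internal address, so the application configuration never reveals the internal addressing.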
Current thread:
- Re: DMZ and critical data, (continued)
- Re: DMZ and critical data 蓝牙 (Jul 09)
- RE: DMZ and critical data Brian J. Bartlett (Jul 09)
- Re: DMZ and critical data Mohammad Ali Sarbanha (Jul 09)
- Intrusion Detection David Robert (Jul 09)
- Re: Intrusion Detection Ivan Ristic (Jul 10)
- Re: Intrusion Detection Jamie Riden (Jul 10)
- Re: Intrusion Detection Daniel Cid (Jul 11)
- Re: Intrusion Detection David Ryan (Jul 12)
- Re: Intrusion Detection skarvin (Jul 12)
- Re: DMZ and critical data sarbanha (Jul 09)
- Message not available
- Re: DMZ and critical data Ken Adler - QDSP, CISSP, PMP, CISA (Jul 09)
- Message not available