"Typical commercial hosts just don't cut it. You need mandatory access
control like on "multilevel secure" systems or like type enforcement on
Sidewinder. Then it can even be part of the site's firewall."

I'm sorry Rick, but are you saying that the only Web Servers that can be
run have to allow the use of type enforcement or similar security? Come on
guys, this attitude which says that if it can't withstand the most serious
types of attacks it ain't good enough is just not going to cut it in a
world where most companies have a web site. Sure, I agree, it is the best
security, but is there no room to evaluate the value of the information
being protected against the cost of the security implementation?

After all, it is said over and over again that the biggest security risk is
not from the Internet but from the local network. By putting a web server
outside of the local LAN, protected from it by a firewall, you have taken
care of your biggest risk by securing it from your local network.

This has nothing to do with NT or any other OS, but if people come to the
Firewalls list to get a feel for what their personal security needs might
be, and are sifting through all the information they can get from here,
these kinds of answers are going to make many people believe that the cost
of making a presence on the WWW is simply way too high and complex for them.

Nobody asked the person what they wanted to do with the web server, what
kind of web server software they were planning to use, and whether or not
there was a need for the web server to participate in an Intranet. I
understand that there is a Gatekeeper motto that says "nothing in, nothing
out", but there is a tidal wave of commerce that says "if I ain't out
there, I won't get the new shareholders in", or something like that.

For example, with BorderWare I could put the NT Web server on a secure side
network, a third adapter in the Firewall. This has its own access lists and
HTTP would be proxied from the outside onto the side network directly to
the NT Web server. Only requests from the external adapter address on the
specified port would be allowed to connect to the web server. If the web
server needed to connect to a SQL server, for example, a proxy would be
established between the secure side network and the internal network. Only
access from the IP address (translated address) would be allowed through
the proxy on the specified port into the internal network. Now the only
question in my mind is the security of the web server software, not the NT
box. Considering the HTTP request would be on one port, and the SQL access
would be on a different port, and only HTTP is allowed in/out between the
side network and external network, and only SQL in/out between the side
network and the internal network, sounds pretty secure to me.

Now I could be completely wrong here, but I think it would take a pretty
sophisticated hack to get into the internal network. Getting access to the
SQL data in some way not intended is up to the HTTP server.

How about some simpler solutions with provisos rather than just tons of
warnings and expensive or complex solutions...there's ideal, and then
there's the rest of us...
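
The side-network layout described in this message, modeled as a default-deny rule table with a reachability walk. This is an added example, not part of the original post and not BorderWare configuration; the host names, zone labels and port numbers are constructed, and the HTTP proxy is assumed to relay requests transparently to the web server.

```python
from collections import deque

# Constructed host names, zone labels and ports; none come from the post.
ZONE = {
    "internet-client": "external",
    "nt-web": "side",           # NT web server on the third adapter
    "sql-server": "internal",
    "file-server": "internal",  # unrelated internal host, for contrast
}
HTTP_PORT, SQL_PORT, SMB_PORT = 80, 1433, 139  # SQL_PORT: "the specified port"
PORTS = (HTTP_PORT, SQL_PORT, SMB_PORT)

# Flows the firewall relays: (source selector, destination selector, port).
# A selector is a host name or a zone label. Anything unlisted is dropped.
# Assumption: the HTTP proxy is a transparent relay, so an outside request
# reaches the web server software itself.
RULES = [
    ("external", "nt-web", HTTP_PORT),
    ("nt-web", "sql-server", SQL_PORT),
]

def matches(selector, host):
    return selector == host or selector == ZONE[host]

def allowed(src, dst, port):
    """Default deny: True only when some rule covers this exact flow."""
    return any(matches(s, src) and matches(d, dst) and p == port
               for s, d, p in RULES)

def exposure(start):
    """Walk permitted flows breadth-first from `start`.

    Returns {host: [(hop, port), ...]}: every host that becomes reachable
    if each service along the chain is compromised in turn.
    """
    paths, queue = {start: []}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in ZONE:
            for port in PORTS:
                if dst not in paths and allowed(src, dst, port):
                    paths[dst] = paths[src] + [(dst, port)]
                    queue.append(dst)
    del paths[start]
    return paths

if __name__ == "__main__":
    for host in ZONE:
        print(f"{host}: {exposure(host)}")
```

In this model the internal file server never appears in any exposure set, and the SQL server is reachable from outside only through the web server, which is the dependency on the HTTP server software that the message points to.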