> Syer A. Caudilll wrote:
> Our organization would like to extend a human resources application to
> the internet. Our goal is to allow end users to post payroll hours over
> the internet. The nature of the application requires allowing access to
> a production Oracle database. The only service to be provided is http.
> The database is production, must be updated by the end-user via the
> internet. What firewall strategies should be pursued for this type of
> endeavour? Any input would be appreciated.
There are lots of overall security issues here, but I'll just touch on
some of the basics. First, if your end users are going to be
transmitting any "sensitive" info such as their social security #'s, you
might want to look at running secure transactions via Netscape or some
other "secure" server, depending on your company's policy on these

Second, the firewall issues can vary according to your implementation,
but I'll tell one possible setup. You can run a 3 interface firewall -
1 outside, 1 inside, & 1 that houses your web servers, ftp servers, etc.
Your Oracle db would sit somewhere on the inside network, not directly
accessible from the outside. The web server would house your cgi
program(s) to access the db, and the firewall would be configured to
only allow traffic from that web machine through to the db. That way,
your inside users can still have a clean access path to the db.

Third, you need to make absolutely sure that the userid that the cgi
stuff will run as has the minimum necessary permissions to only the db
tables it needs, and nothing more. Be especially aware of any "public"
style db groups that all users fall into by default. For example, if
the cgi userid is "www", the table is "payroll", and it only needs to
add records, not update or delete, then you need to make sure that www
has insert permission only for payroll and no other rights, either
directly or via group membership.
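As an added illustration of the third point (not part of the original thread), here are the Oracle grants that give the cgi account "www" insert-only access to "payroll", with check queries for rights leaking in through PUBLIC or roles; the schema owner hr and the password are assumed placeholders.

```sql
-- Added example, not from the original post. Assumes the table lives in
-- schema HR; the password is a placeholder to be replaced.

-- Weak setup the reply warns against: the cgi account gets broad rights,
-- and PUBLIC (which every user inherits) can reach the table.
-- GRANT CONNECT, RESOURCE TO www;
-- GRANT ALL ON hr.payroll TO www;
-- GRANT SELECT ON hr.payroll TO PUBLIC;

-- Least-privilege version: the account can log in and insert, nothing else.
CREATE USER www IDENTIFIED BY "<placeholder-password>";
GRANT CREATE SESSION TO www;
GRANT INSERT ON hr.payroll TO www;

-- Check 1: object privileges held by www and by PUBLIC on PAYROLL.
-- Expected result: a single row, GRANTEE=WWW, PRIVILEGE=INSERT.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'HR' AND table_name = 'PAYROLL'
   AND grantee IN ('WWW', 'PUBLIC');

-- If check 1 shows a PUBLIC row, remove it (Oracle raises ORA-01927 if you
-- revoke a privilege that was never granted, so revoke only what was listed).
-- REVOKE SELECT ON hr.payroll FROM PUBLIC;

-- Check 2: roles and system privileges on www (roles are where "group"
-- rights sneak in). Expected result: no roles, only CREATE SESSION.
SELECT granted_role AS priv FROM dba_role_privs WHERE grantee = 'WWW'
UNION ALL
SELECT privilege FROM dba_sys_privs WHERE grantee = 'WWW';
```

Run the two check queries again after any later grant to the schema, since a new PUBLIC grant or role membership silently widens what "www" can do.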