Hi,
I'm looking for possible solutions for secure access to internal
applications and databases. I'm interested in different architectures
and in products implementing them.
While discussion on technical details is appropriate for the list,
please send commercial information to me directly.
The only solutions I know are based on something like:
--| compartmented web server |---| choke/proxy|---|app. server|--
The web server is basically divided in:
| public interface | client of app. server|
where communication between the public interface and the rest of the
system is strictly controlled. Access to the server is based on SSL.
The biggest caveats I can see in this solution are:
- SSL authentication can only reach the public interface. If somebody manages
to control the Web server in his restricted environment, it could fake
the identity of other users or send them corrupted information, so a stronger
authentication/integrity mechanism is necessary;
- even in a restricted environment, blocking access to specific
network interfaces while permitting access to one (the external one)
can be difficult;
- a proprietary protocol between the web server and the application
server may be necessary, since the usual one may be too weak (weak
authentication).
Any thoughts on this?
ciao
- Claudio
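
An added example, not part of the original post: one shape the "stronger authentication/integrity mechanism" from the first caveat can take, where the application server checks a per-user MAC computed on the client, so a web server that only relays cannot relabel, alter or replay a request. The per-user shared keys, the counter scheme and all names are assumptions made for the illustration; it covers requests only, not responses sent back to users.

```python
import hashlib
import hmac
import json

# Constructed sample keys: per-user secrets known only to the client and the
# application server, never to the web server in the middle.
USER_KEYS = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}


def _mac(key, user, counter, body):
    # Canonical JSON encoding so both ends authenticate identical bytes.
    msg = json.dumps([user, counter, body], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def client_request(user, key, counter, body):
    """Built on the user's machine, before the SSL session to the web server."""
    return {"user": user, "counter": counter, "body": body,
            "mac": _mac(key, user, counter, body)}


class AppServer:
    """Trusts the per-user MAC, not whatever identity the web server asserts."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}

    def accept(self, req):
        key = self.keys.get(req.get("user"))
        if key is None:
            return False
        expected = _mac(key, req["user"], req["counter"], req["body"])
        if not hmac.compare_digest(expected, str(req.get("mac", ""))):
            return False  # forged identity or altered body
        if req["counter"] <= self.last_counter.get(req["user"], -1):
            return False  # replay of an earlier valid request
        self.last_counter[req["user"]] = req["counter"]
        return True


def demo():
    server = AppServer(USER_KEYS)
    good = client_request("alice", USER_KEYS["alice"], 1, "balance?")
    relabelled = dict(good, user="bob")        # relay changes the identity
    altered = dict(good, body="transfer 100")  # relay changes the content
    return [server.accept(good), server.accept(relabelled),
            server.accept(altered), server.accept(good)]
```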