I am working with a client that has the following configuration:

{Internet}--[ISP]--[Firewall-1]-[WWW server]-[router]--[internal net]

Due to prior conversations and observations from this list, I consider
WWW servers to be less than secure. Though I promote the
Dual-Firewall DMZ approach, I am uncertain about the dependence that
my client may be placing on the router (as a second firewall) in this
diagram.

To add detail:
- The primary firewall will allow HTTP, HTTPS, and SMTP inbound.
- Only HTTP and HTTPS will be allowed to the web server from the
  Internet.

My train of thought is that if the WWW server is compromised
(Firewall-1 does not seem to look at the 'insides' of the HTTP packet
traffic to look for harmful commands and buffer overflows, etc.)
then an attacker would have a launching point for the next phase of
the attack, which would be against the router. Any thoughts or
opinions concerning this situation? Thank you for any assistance.

Dan Salenger
Deloitte & Touche LLP
dsalenger @ dttus . com

Follow-Ups:
- Re: DMZ, From: Chris Carlson <carlson @ cycon . com>