Great Circle Associates Firewalls
(July 1997)
 


Subject: Web access to Oracle DB
From: Steve Gaarder <gaarder @ actech . com>
Date: Fri, 11 Jul 1997 10:25:48 -0400 (EDT)
To: "Paul W. Weyman" <pwey @ cts . com>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <Pine . SCO . 3 . 91 . 970710123645 . 2659A-100000 @ crash . cts . com>
References: <Pine . SCO . 3 . 91 . 970710123645 . 2659A-100000 @ crash . cts . com>

Paul W. Weyman writes:
 > 
 > I have to explain to a bunch of sales execs. that allowing web
 > access to a core production database is a bad idea. Basically, they want
 > to run CGI scripts on a web server in the DMZ that query an Oracle db on
 > the internal network. To do this, the firewall would have to be 
 > configured to allow all connections from the web server to the sqlnet 
 > port on the db server.  I think that most technical/security people 
 > agree that this is a bad idea but I need some details. Any help on 
 > how to make a case with non-technical management types would be greatly 
 > appreciated. 

It's a bad idea if not done right, and even if done right there are
still risks.  Whether the risks outweigh the benefits is a business
decision.  The key risk is that, since the web server has access to
the internal network, your net is only as secure as the web server.
What I would do is use good, secure web server software, write your
CGIs very carefully, lock the machine down tight, and run *nothing
else* on it.  Put anonymous ftp, mail, web pages that need frequent
updates, etc, on another machine.  You can avoid making a hole in the
firewall if you make the web server dual-homed, with one network
interface on the DMZ and the other internal.  In any case, the key
here is to make the web server machine as secure as your firewall.

Steve Gaarder                      Network and Systems Administrator
gaarder @ cmold . com              C-MOLD, Ithaca, N.Y., USA
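As an added illustration of the firewall point made in this thread (this is not code from the list or from either poster): a small first-match packet-filter policy model that shows how narrow the hole in the firewall can be made, and what a compromised DMZ web server could still reach under a tight policy versus a loose one. All addresses are constructed (RFC 5737/1918 ranges), and the example assumes the SQL*Net listener is on Oracle's default TCP port 1521.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; first matching rule in the list wins."""
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


# Constructed addresses for the example (not from the thread).
DMZ = "192.0.2.0/24"        # DMZ segment
INTERNAL = "10.0.0.0/8"     # internal network
WEB = "192.0.2.10"          # the DMZ web server running the CGIs
DB = "10.1.1.20"            # the internal Oracle host
FILESERVER = "10.1.1.21"    # another internal host, to show exposure
SQLNET = 1521               # assumed: Oracle's default listener port

# Tight policy: only the web server, only the DB host, only SQL*Net.
TIGHT_POLICY = [
    Rule("allow", WEB + "/32", DB + "/32", "tcp", SQLNET),
    Rule("deny", DMZ, INTERNAL, "any", None),
]

# Loose policy: the whole DMZ may reach anything internal (what to avoid).
LOOSE_POLICY = [
    Rule("allow", DMZ, INTERNAL, "any", None),
]


def decide(policy: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """Return "allow" or "deny" for one flow; unmatched flows are denied."""
    for rule in policy:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


def exposure(policy: List[Rule], src: str, hosts: List[str],
             ports: List[int], proto: str = "tcp") -> List[Tuple[str, int]]:
    """Enumerate the (host, port) pairs a given source is permitted to reach.

    This is the figure to show management: if the web server is compromised,
    this list is everything the attacker gets on the internal side.
    """
    return sorted((h, p) for h in hosts for p in ports
                  if decide(policy, src, h, proto, p) == "allow")


if __name__ == "__main__":
    hosts = [DB, FILESERVER]
    ports = [22, 139, SQLNET]
    print("tight:", exposure(TIGHT_POLICY, WEB, hosts, ports))
    print("loose:", exposure(LOOSE_POLICY, WEB, hosts, ports))
```

Under the tight policy the web server's reach into the internal network is exactly one host on one port, which is the most a careful CGI needs; the loose policy gives every DMZ host every internal port, which is the situation the reply warns makes the whole net only as secure as the web server.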


