Air Traffic Control would require real-time data, and possibly store
information for historical purposes.  I doubt a failure in MSSQL would cause
any real grief to ATC.  After all, if the system failed on storing data,
wouldn't it still need to deal with the real-time data?

My thoughts.

Shawn

-----Original Message-----
From: Mark Lane [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 2:23 PM
To: [EMAIL PROTECTED]
Subject: Re: (clug-talk) vintage os rocks big time :-)


At 12:56 PM 2/4/03, you wrote:
> > Ah but...
> >
> > If the banks are accessible to both the Internet and Interac then the
> > banks can be used to access Interac from the Internet....... Thus a
> > connection from the Internet to Interac exists even if it isn't a
> > direct connection.
> >
> > For example:
> >
> > When I buy something on Interac, it updates my account balance in
> > real-time. When I do online banking, it updates my account balance in
> > real-time. So both systems have access to my account balance at the bank
> > in real-time. Therefore, there must be a connection to the database
> > server from both the Internet and Interac networks. If the database
> > server is compromised from the Internet, it can be used as a gateway to
> > access the Interac network.
>
>Well, the webserver you access to update your account info at least has a
>connection to the database server, and there isn't anything wrong with
>that.  However, if this database server is sitting on the wrong side of
>the firewall (i.e. on the internet, or in a DMZ) then that is a problem.
>Like Aaron was saying, no one should be able to interface with the
>database server directly.  The network should be set up something like
>this:
>
><customer> ----> <internet> ----> <webserver in the dmz> ----> <firewall>
>-----> <database server>
>
>In this setup, the bank's clients access the webpage that allows them to
>interact with their accounts.  This machine is in the bank's DMZ and the
>firewall is set up to allow that webserver to access the database server
>that is inside the bank's network or LAN.  This connection should also be
>encrypted.  It seems though that if the banks' SQL servers are getting
>compromised then it could mean that they don't have the database server
>behind the firewall, they have it in the DMZ with the webserver.  That is
>a big no-no, and a great number of admins do it this way.  If they didn't
>then Slammer wouldn't have been able to run so wild for so long.

I am sure they were behind firewalls but just with ports 1433, 1434 open so
the webservers can access them. Which is completely dumb but very
common.  What they probably haven't done is use a VPN or separate network
to talk to the database server so that only the webserver can talk to the
MS-SQL database, or they are running MS-SQL right on the webserver. Man, even if
their DMZ firewall blocked the MS-SQL ports (1433 & 1434) like you
suggested, this wouldn't have happened.

I would hope the Air Traffic Control System is much better protected...



-- 
Mark Lane
Hard Data Ltd.
mailto:[EMAIL PROTECTED]

Telephone: 01-780-456-9771
FAX: 01-780-456-9772

11060 - 166 Avenue
Edmonton, AB, Canada
T5X 1Y3

http://www.harddata.com/
--> Ask me about our Affordable Alpha Systems! <--
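
The layout discussed in this thread (only the DMZ webserver may reach the database server, with the MS-SQL ports 1433 and 1434 closed to everyone else) can be checked against a firewall rule set. The Python below is an added example, not part of the original messages; the addresses, the rule format and the first-match, default-deny semantics are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    proto: str   # "tcp", "udp" or "any"
    port: int    # destination port, 0 = any

# Constructed sample addresses (assumptions, not taken from the thread)
WEB = "192.0.2.10"  # webserver in the DMZ
DB = "10.0.0.5"     # database server on the LAN
SQL_PORTS = [("tcp", 1433), ("udp", 1434)]
PROBES = {"internet host": "198.51.100.7", "other DMZ host": "192.0.2.20", "webserver": WEB}

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (0, port)):
            return r.action
    return "deny"

def audit(rules, probes=PROBES):
    """List every non-webserver source that can reach the database's SQL ports."""
    findings = []
    for name, src in probes.items():
        for proto, port in SQL_PORTS:
            if src != WEB and decide(rules, src, DB, proto, port) == "allow":
                findings.append((name, proto, port))
    return findings

# Ports simply opened toward the database: 1433 for the whole DMZ, 1434 for anyone
WEAK = [Rule("allow", "192.0.2.0/24", DB + "/32", "tcp", 1433),
        Rule("allow", "0.0.0.0/0", DB + "/32", "udp", 1434)]
# Only the webserver may reach 1433/tcp; everything else hits the default deny
STRICT = [Rule("allow", WEB + "/32", DB + "/32", "tcp", 1433)]

if __name__ == "__main__":
    print("weak:  ", audit(WEAK))
    print("strict:", audit(STRICT))
```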



