Hiya Mike, > -----Original Message----- > From: [EMAIL PROTECTED] [...] > > Rick Brown wrote: > > > > [ extranet - how? ] > > The web app needs to access to an internal > > Oracle database. I'm wondering what's the best way to > > set this up? My first thought was to replicate the > > database to the DMZ. > > If this is doable, it is indeed a very good design choice. > Replicating the bare minimum to the separate zone, and > replicating as little as possible back to the inside > (preferably nothing, if possible?) is just about as good as > it gets. If oracle can be set up so that the internal DB > initiates all of the replicating sessions (sorry, me no > oracle guru), it would be _much_ preferable to allowing the > extranet DB server initiating sessions to the inside.
This doesn't seem right to me. IMO, the biggest risk with database-backed web thingies is a compromise of the database server, resulting in the entire database becoming available to an attacker. I'm assuming that _any_ database would need to hold sensitive data, like credit card numbers, to be useable, so even the bare-minimum replicated database would still be sensitive. Given that assumption, a compromise of the database server on the DMZ could easily lead to loss of all the marbles - How well can oracle cope with root compromise of the underlying OS (I'm guessing not well)? In terms of design choices, I'd prefer to allow queries through, but to have strong database security. In other words, the external server can ask the internal server for prices or stock, but not for credit card numbers. I do appreciate your concern, which is obviously that live queries against the core production database is a Bad Thing, so how about an _internally_ replicated system with a well secured database containing the bare minimums (including credit card numbers) which can be queried from the DMZ? That obviates the risk of someone destroying the core DB, and the only price you pay is the possible use of the internal server as a second stage jump-off point for attacks. One could reduce _that_ risk by placing the replicated server in a separate security zone altogether. (But I'd say it's splitting hairs. Someone would need to r00t the webserver, use an Oracle query to r00t the internal database and then (using only oracle traffic) use the internal server to attack the inside zone - it's getting far fetched). > > > Another thought was reverse proxy but I've never done that > > and I'm wondering how secure that is. > > You'd have to have a very well-written proxy [1] with very > fine-grained access control in order for it to improve > security even measurably. I have no idea if such a beast > exists (oracle not being my strong side and all). I'm with you - the only fine-grained Oracle proxy is a well configured Oracle database. > /Mikael Cheers, -- Ben Nagy Network Security Specialist Mb: TBA PGP Key ID: 0x1A86E304 (Looking for work in Geneva) _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
