Hi. As far as I am aware, you should ideally have both. You haven't given much detail (in a public forum that's generally a good idea) so I may be guessing on a few points:
Sanctum (http://www.sanctuminc.com/) should be used to protect the web application by enforcing the business logic. This will catch all 10 types of web perversion. You should also protect the SQL with a server sensor to protect it from the internal network and other hosts that could be compromised *besides* the web application.

For example, Sanctum will provide outstanding protection for your web application for users coming in through expected channels. If the SQL and httpd servers are on the same segment as an E-Mail server, Sanctum cannot protect the e-mail server from attack (not part of the functionality). If this e-mail (or any other server / host) gets compromised, they could have free rein over that network even though you think you have designed security into the solution.

Just a few points:

1. I'm a post-sales techie. I'm used to fixing problems, not designing solutions. Very important difference in psychology.
2. I work for a European Distie for both Sanctum and ISS and so have a vested interest.
3. Check out my comments with your normal reseller / consultant. Don't accept them without independent verification.
4. #include <disclaimer.h>
5. Don't just concentrate on one avenue of attack. When designing a security solution remember that the attacks / perversion attempts can come in any size, shape or source (internal, external, wireless, bug exploit, etc).
6. A lot of the above depends on other parts of your infrastructure that are not mentioned. Some or all of the above could be irrelevant but I hope it gives you an idea of my way of thinking.

Hope this helps and is relevant for you.

Kind Regards,
Jon Paine.
Technical Lead.
Allasso European Support Centre.
SMTP - mailto:[EMAIL PROTECTED]
WEB - http://support.allasso.com
Tel. 0870 366 8533 (+44 118 971 1533)
Fax. 0870 366 8544 (+44 118 971 1544)
PGP Fingerprint: ADD3 07AC ED47 292A BF61 E124 E81F 9249 7AD9 6E0C

> -----Original Message-----
> From: Didea, Gheorghe [mailto:[EMAIL PROTECTED]]
> Sent: 05 December 2002 12:54
> To: Issforum (E-mail)
> Subject: [ISSForum] Web server protection vs Sanctum AppShield
>
> Hello,
>
> I want to protect a SQL application and I want to know if I can do this using Web server protection from Server Sensor. I don't want to protect just against IIS attacks but also against authenticated connection attack. For example if the application is sending back a response with 77 in header and the client is sending back a response modifying this header and sending 78 I want to block this.
> I ask you this because I want to know if I can do this with ISS or if I need to buy an applicative IDS like AppShield
>
> Thanks
> George
>
> _______________________________________________
> ISSForum mailing list
> [EMAIL PROTECTED]
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
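The check George describes (the server sends 77, the client sends back 78, block it) only works if something remembers what the application issued to that session and compares the inbound request against it; a filter that sees only the inbound request has nothing to compare with. As an added illustration, not part of Jon's reply or George's question and not Sanctum's or ISS's code, here is a minimal application-layer guard of that kind in Python. The session identifier, the field names and the request bodies are constructed for the example.

```python
from urllib.parse import parse_qs


class IssuedValueGuard:
    """Constructed example of a server-issued-value check.

    The guard records the values the application places in a page (hidden
    form fields, record identifiers, prices) for a given session and refuses
    any later request from that session in which the client echoes a
    different value.  Fields the server never issued (free-form input) are
    not checked here; the application must still validate those itself.
    """

    def __init__(self):
        # session_id -> {field_name: set of values the server issued}
        self._issued = {}

    def record_response(self, session_id, issued_fields):
        """Call on the way out: note the values the application put in the page."""
        per_session = self._issued.setdefault(session_id, {})
        for name, value in issued_fields.items():
            per_session.setdefault(name, set()).add(str(value))

    def check_request(self, session_id, form_body):
        """Call on the way in.  Returns (allowed, reason) for a form POST body."""
        issued = self._issued.get(session_id)
        if issued is None:
            # The session never received a page, so no value can legitimately be echoed.
            return False, "no page was issued to this session"
        submitted = parse_qs(form_body, keep_blank_values=True)
        for name, values in submitted.items():
            if name not in issued:
                continue  # not a server-issued field; out of scope for this check
            for value in values:
                if value not in issued[name]:
                    return False, (f"{name}: client sent {value!r}, "
                                   f"server issued {sorted(issued[name])}")
        return True, "ok"


def demo():
    """Constructed exchange: the server issues record_id=77 to session sess-A.
    One client echoes it back, one edits it to 78, and a third session that
    never received the page submits 77.  Returns the three verdicts."""
    guard = IssuedValueGuard()
    guard.record_response("sess-A", {"record_id": 77, "price": "19.99"})
    honest = guard.check_request("sess-A", "record_id=77&price=19.99&comment=hello")
    tampered = guard.check_request("sess-A", "record_id=78&price=19.99&comment=hello")
    stranger = guard.check_request("sess-B", "record_id=77")
    return honest, tampered, stranger


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Two caveats a practitioner would want: the guard keeps every value ever issued to the session, so it detects modification but not replay of a value the server once sent (remove a value from the set when it is consumed if that matters), and it has to sit where it can see both directions of the HTTP conversation, which is why this is an application-layer product's job rather than a signature match on inbound traffic alone.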
