On Wednesday 25 February 2009 22:08:22 Jean-Francois wrote:
> Hi All,
>

Hi,

> I actually built the following system :
>
> - OpenBSD running on a standard AMD platform
> - This box is actually used as firewall
> - This box is also used as webserver
> - This box is finally used as local shared drives via NFS file but only
> open to subnetwork through PF
>
> Assuming that subnetwork computers might be hacked or infected by any
> threat
> Assuming that there is no mistake in PF rules
> Assuming that there is nothing of a third party installed on the box
> (basically it's only a tuned system)
>
> -> Would you please confirm that hacking is almost impossible ?
> -> Would you confirm any personal data hosted on server are safe as
> long as the (subnet is not compromised by false manipulation of course)
>

If we just look at the design, there is at least one big flaw in the system: you are mixing internal data with external data. If you have a firewall and a webserver running on the same machine, you shouldn't have the shared drives there because in the event of a security breach you are giving information for free to the attacker.

Mixing a webserver with a firewall is also risky, you are again mixing data that might be internal with something that is dealing with external traffic. Again, in the event of a successful attack, you are giving the webserver away for free to the attacker.

It might be that there are no flaws in any of the OpenBSD packages, but can you assure that no user will add something stupid to the webserver? Most attacks come from unexpected vectors, such as wrong validation of data and such. Once somebody detects a flaw in your web pages it is just a matter of time before they manage to sneak into the system.

If nothing else, attacks come in the majority of cases from the inside, so protecting only one side is not going to help you if somebody from the inside wants to take over. Remember, all you need is a small error in a webpage for somebody to find a way to enter your system.

So, in my opinion what you are asking us to confirm is not possible to confirm. Especially if you are hosting sensitive material on the server, mixing internal traffic with external traffic is basically a recipe for disaster.

Regards
--
Carlos Manuel Duclos Vergara
http://carlosduclos.blogspot.com

