In-Reply-To: <[EMAIL PROTECTED]>
(Assuming that your SQL Server is in your local network.)
You can shift the SQL server to the DMZ, and small changes
in the policy will do.

DMZ policy:
  Any request from web server to SQL server on port (x): allow
  Any, any: drop

You can also allow one of the privileged users from the local
network to access the SQL server (if required).
The policy should be updated for the same.
Hope this will do; for further details, do write to me.
Regards,
Raj
>Mailing-List: contact security-basics-
[EMAIL PROTECTED]; run by ezmlm
>List-Id: <security-basics.list-id.securityfocus.com>
>Date: 20 May 2002 18:39:24 -0000
>From: Dan Williamson <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Secure Infrastructure
>
>
>
>I currently am faced with a troublesome infrastructure
>dilemma.
>
>We have some real-time data that resides on an SQL server
>in our intranet. This data is queried and updated by users
>via a web server that is in our DMZ. Queries are sent from
>the web server in the DMZ to the SQL server and data is
>provided from the SQL server back to the web server based
>on the queries. This obviously requires a two way
>connection through the firewall which negates the reason
>for the firewall in the first place. The question I have is
>what is the most secure network design for these systems?
>How do you provide access to real-time sensitive data in a
>secure environment? Financial, medical and other government
>agencies provide this kind of real-time information on a
>daily basis so I know there are ways to do what we need.
>I'm just not sure how yet.
>
>Any suggestions would be greatly appreciated.
>
>
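The policy Raj describes above is a first-match rule list with an explicit "any, any: drop" at the end, and the "two-way connection" that worries Dan is normally handled by the firewall's connection state rather than by a second rule permitting SQL to talk back to the web server. The following is an added example (editor's code, not part of the original thread) that models both points: an ordered policy evaluated first-match, and a connection-tracking wrapper that passes reply traffic only for flows the policy already accepted. The host addresses (RFC 5737 documentation ranges), the placement of both servers in the DMZ, and TCP port 1433 for Raj's "port (x)" are all assumptions chosen for the illustration.

```python
"""First-match firewall policy with connection tracking.

Added illustration, not code from the mailing-list thread. Addresses
(RFC 5737 ranges), host roles and port 1433 are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int]  # destination TCP port, None = any port
    action: str           # "allow" or "drop"

    def matches(self, src: str, dst: str, dport: int) -> bool:
        def in_net(net: str, addr: str) -> bool:
            return net == "any" or ip_address(addr) in ip_network(net)
        return (in_net(self.src, src) and in_net(self.dst, dst)
                and (self.dport is None or self.dport == dport))


# Assumed layout: web server and SQL server both in the DMZ (Raj's
# suggestion), one privileged admin workstation on the local network.
WEB_DMZ = "192.0.2.10"
SQL_DMZ = "192.0.2.20"
ADMIN_LAN = "198.51.100.5"
SQL_PORT = 1433  # assumed: MS SQL Server default TCP port

# Raj's DMZ policy as ordered rules; the last rule is the default deny.
DMZ_POLICY = [
    Rule(f"{WEB_DMZ}/32", f"{SQL_DMZ}/32", SQL_PORT, "allow"),
    Rule("any", "any", None, "drop"),
]

# The optional admin exception must be inserted BEFORE the drop rule,
# otherwise first-match semantics make it dead.
DMZ_POLICY_WITH_ADMIN = DMZ_POLICY[:-1] + [
    Rule(f"{ADMIN_LAN}/32", f"{SQL_DMZ}/32", SQL_PORT, "allow"),
    DMZ_POLICY[-1],
]


def evaluate(policy, src: str, dst: str, dport: int) -> str:
    """First matching rule wins; no match at all still fails closed."""
    for rule in policy:
        if rule.matches(src, dst, dport):
            return rule.action
    return "drop"


class StatefulFirewall:
    """Consults the policy only for new connections (SYN). Packets that
    belong to an accepted connection, in either direction, pass on state,
    so no 'SQL -> web' rule is needed for query results to come back."""

    def __init__(self, policy):
        self.policy = policy
        self.conntrack = set()  # (src, sport, dst, dport) of accepted flows

    def packet(self, src, sport, dst, dport, syn=False) -> str:
        if (dst, dport, src, sport) in self.conntrack:
            return "allow"  # reply direction of a tracked connection
        if (src, sport, dst, dport) in self.conntrack:
            return "allow"  # further packets of a tracked connection
        if not syn:
            return "drop"   # no state and not a connection attempt
        verdict = evaluate(self.policy, src, dst, dport)
        if verdict == "allow":
            self.conntrack.add((src, sport, dst, dport))
        return verdict


def demo() -> dict:
    """Constructed traffic run through the policy; returns the verdicts."""
    fw = StatefulFirewall(DMZ_POLICY)
    return {
        "web_to_sql": fw.packet(WEB_DMZ, 51000, SQL_DMZ, SQL_PORT, syn=True),
        "sql_reply": fw.packet(SQL_DMZ, SQL_PORT, WEB_DMZ, 51000),
        "sql_initiates": fw.packet(SQL_DMZ, 40000, WEB_DMZ, 80, syn=True),
        "lan_to_sql": fw.packet(ADMIN_LAN, 52000, SQL_DMZ, SQL_PORT, syn=True),
        "web_to_sql_ssh": fw.packet(WEB_DMZ, 51001, SQL_DMZ, 22, syn=True),
        "stray_ack": fw.packet(ADMIN_LAN, 5, SQL_DMZ, SQL_PORT),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} {verdict}")
```

Note that a compromised web server can still reach the SQL port under this policy; the rule list only narrows which host and port it can reach, so the database account the web server uses should be limited to the queries the application needs.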