Hello Dan, The architecture you set up will depend on the sensitivity of the data, the risk value involved and the money your company has to spend, as I am sure you already know.
The need for a firewall is not negated by the need for a two-way connection. I have experience with PIX so my example will be based on this. You can specify a conduit through the firewall from one and only one address on the outside to one and only one address on the inside. This will ensure that only data from the web server gets to the SQL server. Likewise, with a conduit going out you can specify that data from the SQL server goes only to the web server. The most secure architecture could go something like this. A firewall for each protocol coming into the DMZ. User authentication into the DMZ via a SOCKS proxy by which you can also determine permitted destinations. Traffic destined for the web server is proxied by application. All traffic to and from the web server is 128-bit SSL. Authentication at the web server is verified at the SQL server. No login/password or any other type of data on the web server. Or, better yet, initial authentication to the web server could be verified against something like active directory or ACF2 and a secondary authentication to the SQL server. Ensure no cached information exists, clicking the 'back' button gets the user nowhere. Queries from the web server to the SQL server are encrypted and go through another firewall and, again, proxied by application on the inside of this firewall. Also, set up a timeout value so that each session expires after inactivity. NAT traffic from the core-DMZ firewall and then NAT the traffic from the DMZ-Internet firewall. Set up an IDS for the web server. ...or something like that... Cheers, Jeff -----Original Message----- From: Dan Williamson [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 2:39 PM To: [EMAIL PROTECTED] Subject: Secure Infrastructure I currently am faced with a troublesome infrastructure dilemma. We have some real-time data that resides on an SQL server in our intranet. This data is queried and updated by users via a web server that is in our DMZ. Queries are sent from the web server in the DMZ to the SQL server and data is provided from the SQL server back to the web server based on the queries. This obviously requires a two way connection through the firewall which negates the reason for the firewall in the first place. The question I have is what is the most secure network design for these systems? How do you provide access to real-time sensitive data in a secure environment? Financial, medical and other government agencies provide this kind of real-time information on a daily basis so I know there are ways to do what we need. I'm just not sure how yet. Any suggestions would be greatly appreciated.
