Re: [fw-wiz] Cisco ASA firewall: SQLnet inspection: buffer limit



On Jan 15, 2009, at 2:45 PM, Chuck Swiger wrote:
> The typical solution to accessing a database behind a firewall is to set up a VPN connection, and not to disable the firewall.
>
> Permitting the entire Internet to access your database means you are trusting Oracle's security. Even if you don't care about the integrity of your data, you'd also put the machine running Oracle itself at risk of compromise as well:

But what about the case where a web server on the DMZ network and interface on a 3 (or more) interface
firewall accesses an Oracle database server which is located on a higher security level network protected
by a different interface on the same firewall?

The SQL query will also have to go through the firewall to go from the DMZ WWW server to the DB server --
I don't believe most experts would argue that the WWW server should build a VPN connection to the
database server on the more secure network. In most cases you do not want the public facing Web server
to have unrestricted access to all of the ports on the DB server nor unrestricted access to the network it is on.

Morrow

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
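
The restricted DMZ-to-database access described in the reply above, sketched as Cisco ASA access-list configuration. This is an added example, not part of the original message or thread; the addresses, the ACL names and the interface name `dmz` are constructed assumptions.

```cisco
! Constructed values (assumptions, not from the thread):
!   192.0.2.10    = public-facing web server on the DMZ interface
!   10.10.10.5    = Oracle database server on the higher-security network
!   10.10.10.0/24 = the higher-security network itself
!   dmz           = nameif of the DMZ interface

! Weak form: the web server can reach every port on every host of the
! protected network, so a compromised web server exposes all of it.
access-list dmz_in_weak extended permit ip host 192.0.2.10 10.10.10.0 255.255.255.0

! Restricted form: the web server may open connections only to the
! Oracle listener (the keyword sqlnet is TCP 1521) on the one DB host.
access-list dmz_in extended permit tcp host 192.0.2.10 host 10.10.10.5 eq sqlnet
! Log anything else from the DMZ aimed at the protected network.
access-list dmz_in extended deny ip any 10.10.10.0 255.255.255.0 log

! Apply the restricted list to traffic entering the DMZ interface.
! The implicit deny at the end of the list blocks all other traffic
! initiated from the DMZ, so add explicit permits for anything else
! the web server legitimately needs.
access-group dmz_in in interface dmz
```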


