[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] place for db-server
if you need external access, put it into the DMZ.
Make sure the database - if it is network capable and needs network
access for your app - only accepts connects from localhost. Switch off
the db network ports completely if possible.
Make sure the database native ports ( db access ports, potential admin
interface and such ) are filtered at the outside fw.
Putting it into the internal network would not exactly help security,
since you would need to allow external access to this box and therefore
to your internal network.
However, having internal & external work ( which I understand as inhouse
app development & external app development ) on the same machine often
leads to conflicts, since developers of inhouse applications are often
relatively lax on security related issues.
Christian Mang wrote:
I am not sure about the right place for our database server.
We have an external and an internal firewall (SuSE 9.0) with a DMZ.
The application server is used for internal and external work. It needs
a database server on its own machine. Should I take it in the DMZ or in
the internal network? What is the (security related) best decision?
EDS Operations Services GmbH
Global IMDS Technology Management
Eisenstr. 56, D-65428 Ruesselsheim, Germany
phone : +49 6142 80 1218
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here