[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] place for db-server



Christian,
if you need external access, put it into the DMZ.
Make sure the database - if it is network capable and needs network access for your app - only accepts connects from localhost. Switch off the db network ports completely if possible.

Make sure the database native ports ( db access ports, potential admin interface and such ) are filtered at the outside fw.

Putting it into the internal network would not exactly help security, since you would need to allow external access to this box and therefore to your internal network.

However, having internal & external work ( which I understand as inhouse app development & external app development ) on the same machine often leads to conflicts, since developers of inhouse applications are often relatively lax on security related issues.

Eric



Christian Mang wrote:

Hi List,

I am not sure about the right place for our database server. We have an external and an internal firewall (SuSE 9.0) with a DMZ. The application server is used for internal and external work. It needs
a database server on its own machine. Should I take it in the DMZ or in
the internal network? What is the (security related) best decision?

Thanks
Christian





--
Eric Mueller
EDS Operations Services GmbH
Global IMDS Technology Management
Eisenstr. 56, D-65428 Ruesselsheim, Germany
phone : +49 6142 80 1218
http://services.mdsystem.com

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here