Security Basics mailing list archives
Re: How to secure a webserver in a DMZ
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Fri, 5 May 2006 15:27:51 -0700
I agree, too. But why should, in theory, an HTTP-backend-connection be more secure than a database-backend-connection?
See: http://www.sans.org/rr/whitepapers/webservers/302.php

A reverse proxy adds another layer of defense. Plus you can do some nifty content filtering on the reverse proxy.

Another possible solution is to use a graphical firewall. This is useful if you really want to secure your Datastore. In a graphical firewall the content never gets transmitted to the client; instead just the pixels that represent the content get transferred.

Citrix can provide this graphical firewall. The Citrix server + HTTP server + DataStore will be inside the firewall. You open only one port (ICA protocol) on the firewall that connects to the Citrix server. Publish Firefox on the Citrix server such that it can only access the web application and nothing else. Then the user outside the firewall will use the web-based / Java-based / ActiveX-based ICA client to access the published Firefox with your web application.

One key thing to note is that the user is only seeing the graphical output of the web app, so it is a lot more secure than pushing actual content out to the user's browser.

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
-----------
Current thread:
- How to secure a webserver in a DMZ Dennis Breithaupt (May 05)
- Re: How to secure a webserver in a DMZ Saqib Ali (May 08)
- Re: How to secure a webserver in a DMZ Dennis Breithaupt (May 08)
- Re: How to secure a webserver in a DMZ Saqib Ali (May 08)
- Re: How to secure a webserver in a DMZ Dennis Breithaupt (May 08)
- RE: How to secure a webserver in a DMZ Burton Strauss (May 08)
- Re: How to secure a webserver in a DMZ Saqib Ali (May 08)