We have now layered many obstacles in the attacker's path:
• Dual homing the web servers to prevent any logical routing from the Internet to the sensitive database server(s).
• Placing these web servers behind a high availability Firewall cluster.
• Placing the Replicated Database server(s) behind another clustered high availability Firewall.
• Inserting a further high availability Firewall cluster between the replicated database server(s) and the real one(s).
Some customers have gone further still, utilizing different networking
protocols or technologies between each layer. Whilst this increases
security by hampering an attacker's progress further, care should be
taken to ensure that administrative and operational needs are also
taken into account.
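The layering listed above can be checked mechanically against the permitted flows on each firewall cluster. The following is an added example, not part of the original article: the tier names, ports and rule sets are constructed, and it assumes conservatively that any permitted flow can be abused in either direction.

```python
from collections import deque

# Tiers in the order the article layers them, outermost first (names are assumptions).
TIERS = ["internet", "web", "replica_db", "real_db"]

# Constructed sample rule sets: (initiating tier, responding tier, TCP port).
GOOD_RULES = [
    ("internet", "web", 443),
    ("web", "replica_db", 1433),
    ("replica_db", "real_db", 1433),
]
BAD_RULES = GOOD_RULES + [
    ("web", "real_db", 1433),  # shortcut that bypasses the replica tier
]

def tier_skips(rules):
    """Return the rules that do not run between two adjacent tiers."""
    pos = {t: i for i, t in enumerate(TIERS)}
    return [r for r in rules if abs(pos[r[0]] - pos[r[1]]) != 1]

def min_crossings(rules, src="internet", dst="real_db"):
    """Fewest permitted flows an intruder must chain to get from src to dst.

    Conservative assumption: a permitted flow can be abused in either
    direction, so every rule is treated as an undirected edge.
    """
    adj = {t: set() for t in TIERS}
    for a, b, _port in rules:
        adj[a].add(b)
        adj[b].add(a)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in adj[node] - seen:
            seen.add(nxt)
            queue.append((nxt, dist + 1))
    return None  # no chain of permitted flows reaches dst

def audit(rules):
    """Summarise both checks for one rule set."""
    return {"tier_skips": tier_skips(rules), "min_crossings": min_crossings(rules)}

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, audit(rules))
```

A rule set that preserves the design reports no tier skips and three crossings between the Internet and the real database; a single shortcut rule lowers that count and is listed by `tier_skips`.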
Conclusions
We have summarised the development of secure network design since
the security threat to public or Internet facing systems became
apparent. As a full assessment should involve a review of the logical
security, an ethical hacker must be aware of both the design decisions
and constraints involved in building a corporate Internet presence.