Hi fellow overworked,

I'm interested in what sort of setup any of you are running
containing Internet services such as WWW along with valuable
databases (ORACLE) and how some of you other guys are protecting
your networks and hosts.

We have a WWW system which interfaces to ORACLE via cgi, running
Netscape secure server. I would like to make the Web interface
accessible to the outside world but would like to protect the
host(s) from external attack otherwise.

I'm looking at Digital UNIX Firewalling software as well as Cisco's
PIX firewall embedded kernel box. Perhaps some of you experts can
explain just WHAT a good firewall is capable of doing. I have basic
ideas but what about allowing a single protocol access while
restricting others? Also, is anyone experienced with other solutions
such as Linux's firewall software? I realize this is off-topic but
it certainly falls under system management.

Cisco's sales reps (not necessarily expert) say if I run the web server
inside the firewall then I cannot allow access to it from outside without
opening the whole server up to attack? How is this? The protection is
by IP only then? I was thinking there should be some port level control.

Also, assume I move the web server outside the firewall and have it
access a database inside the firewall, then I assume if the server
outside the firewall is hacked, then the initial entry is gained.
Is this correct? Even so, it would probably be better than no firewall
at all.

Thanks, will summarize. Any info is better than none at all. :)

Melvin Smith
Received on Tue Sep 10 1996 - 00:41:35 NZST