On 4/25/02 3:11 AM, "Carson Gaspar" <carson@taltos.org> wrote:
Speaking as someone who has just a few years of computer security experience, the above proposal accomplishes just about nothing, security-wise.
Speaking as someone who also does, who lives with someone who did it for a living for a while, and went over this with some really sharp security folks, you're not correct.
To start, you've forgotten the issue of multi-pronged attacks. The more services a single box supports, the more chances you have that a cracker can find a multi-service attack mode.
But by moving the data from the list machine in the border zone inside the main firewall, it also makes that data less prone to attack from cracked machines elsewhere in the DMZ. If the data is on the box, a cracker could potentially get it by cracking into the DMZ anywhere and then cracking the database. By moving it and configuring the firewalls properly, they'd have to crack ONTO the list machine and then crack the data connection through the firewall.
So it does far from nothing. It significantly limits the ability to get at that data, both by simplifying the services on the DMZ box, limiting attack angles, and by requiring they crack ONTO that box to have possible access to it, not just cracking ANY box on the DMZ (most of which I don't control).
Huge improvements in security, because it removes a lot of variables, especially in areas where you don't have control.
Chuq
-- Chuq Von Rospach, Architech chuqui@plaidworks.com -- http://www.chuqui.com/
Very funny, Scotty. Now beam my clothes down here, will you?