11th September 2012
jggimi

Quote:
Originally Posted by barti
Because if attacker can still easily go to the database then everything is doomed.
With this architecture...
Code:
[web server] - [database]
a jail, a chroot, a DMZ, or some other separation technology may limit data access, data change, or data loss. "Doom" will depend on the nature and extent of the attack.

With this architecture...
Code:
[web server] - [application server] - [database]
the web server is used for presentation, and database access is controlled by the business rules of the application server. An attacker that compromises a web server would not have free rein to attack the database server without first compromising the application server.
Quote:
Jail can protect only the main server but the web service is in deep problems.

Attacker can replace the files in /var/www/html and then what?
Perhaps I wasn't clear. A compromised platform is one that is under partial or complete control of the attacker. ALL of these various technologies merely limit the extent of possible control. In the case of a web server, it is not only the files accessible to the web server, but its abilities to be used as an attack vector towards other systems -- I used a back end database server as a common example.
Quote:
What do you think, my conclusion is true?
Yes. But for clarity, ANY network facing application is at risk from attack. And that includes... not just Internet facing, but private networks as well. A compromised platform on a private network could be a vector of attack.
Quote:
Other means like DMZ maybe.
No; perhaps you misunderstand what these are. They limit broad access but by design they permit certain types of access. For example, a DMZ that permits a web server to only access a database server will not prevent an attack on that database server if the web server is compromised.

Security cannot be installed.

Security is not software, nor is it hardware. Security is a process. And that is because you cannot eliminate risk. But by understanding risks, you can seek to mitigate them. In this case, risk mitigations do come from infrastructure design, and there are also mitigations from software implementation and software tools, and also from operational best practices.
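An added example, not part of jggimi's post: a small Python check over a firewall allow-list that counts how many hosts sit between a compromised web server and the database in the two architectures drawn in the post. The host names, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed allow-lists: (source, destination, tcp_port).
# Anything not listed is assumed to be blocked.
TWO_TIER = [
    ("internet", "web", 443),
    ("web", "db", 5432),
]
THREE_TIER = [
    ("internet", "web", 443),
    ("web", "app", 8080),
    ("app", "db", 5432),
]


def direct_targets(rules, host):
    """Services the policy lets `host` connect to directly."""
    return sorted((dst, port) for src, dst, port in rules if src == host)


def hops_to(rules, compromised, target):
    """Fewest permitted connections from `compromised` to `target`.

    1 means the target's service is directly exposed to the compromised
    host; each extra hop is another host that must be compromised first.
    None means the policy gives no path at all.
    """
    seen = {compromised}
    queue = deque([(compromised, 0)])
    while queue:
        host, dist = queue.popleft()
        for dst, _port in direct_targets(rules, host):
            if dst == target:
                return dist + 1
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, dist + 1))
    return None


def report(name, rules):
    hops = hops_to(rules, "web", "db")
    between = "no path" if hops is None else f"{hops - 1} host(s) in between"
    return f"{name}: web -> db, {between}; web can open {direct_targets(rules, 'web')}"


if __name__ == "__main__":
    print(report("two-tier", TWO_TIER))
    print(report("three-tier", THREE_TIER))
```

A result of 1 is the DMZ case from the post: the policy permits exactly the connection that a compromised web server would use against the database.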