Operating System - HP-UX

Firewall on database server

 
Henry Chua
Super Advisor

Firewall on database server

I am currently designing a low-budget database server, so I plan to include a firewall in the same box. I have been assuming that having the firewall in a different box generally makes the server more secure - is this assumption correct? And if so, can someone elaborate on why this is so?

Thanks
Henry
2 REPLIES
Bill Hassell
Honored Contributor
Solution

Re: Firewall on database server

It will be very difficult to adequately secure your server to act as a firewall and allow anyone to access the system. Forget it completely if you do not have two LAN cards. Now assuming you can indeed keep the 2 LANs isolated, the biggest issue will be the DAILY effort needed to watch for security problems and keep updating and changing the rules to keep ahead of the bad guys. Unless you can dedicate someone to watch your system every day as well as monitor all the CERT and other security alerts, you will be hacked and your data compromised.

A cheap firewall is like a cheap lock on the door. You save money but lose it all when someone breaks in. A reasonable firewall will cost you 400 to 1000 dollars and will require a yearly subscription, perhaps $200 per year. If your data isn't too important, don't worry about a separate, specialized firewall.

Here is a starting point for securing your server (BEFORE installing your firewall software): http://www.windowsecurity.com/whitepaper/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html

And if you're using any version of HP-UX prior to 11.00, DO NOT connect it to the open Internet -- there are just too many new vulnerabilities that have been uncovered since 2001 when 10.20 was obsolete and there won't be any new patches to address these new hacks. Security is a serious and constantly changing challenge.


Bill Hassell, sysadmin
Steven E. Protter
Exalted Contributor

Re: Firewall on database server

Shalom,

In general, I try and keep firewalls off of application servers. It is better, unless the database server is exposed to the public Internet, to use another system to limit access.

As far as which is more secure, that depends on how each solution is configured.

Most large organizations have specialized hardware for firewalling and they ask people who set up application and database servers to not set up firewalls on them.

Database servers use ports that most firewalls close by default and you will need to carefully read the database documentation in order to find out what ports to leave open.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
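
A check that ties the two replies together (keeping the two LANs isolated, and knowing which database ports must stay open), as an added example that is not part of the original thread: it compares the TCP listeners in `netstat -an` output with a per-port allowlist. The addresses, the ports (1521 is assumed here as the database listener port) and the sample output are constructed, and the parser assumes the BSD-style `address.port` column layout.

```python
# Added example: audit TCP listeners against a per-port allowlist.
# ALLOWED and SAMPLE_NETSTAT are constructed for illustration only.

# port -> local addresses the service may bind to (taken from the database
# documentation and your own network design; values below are assumed)
ALLOWED = {
    22: {"10.1.1.5"},     # admin SSH, internal LAN only
    1521: {"10.1.1.5"},   # database listener, internal LAN only
}

SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address         (state)
tcp        0      0  *.111                  *.*                     LISTEN
tcp        0      0  10.1.1.5.22            *.*                     LISTEN
tcp        0      0  *.1521                 *.*                     LISTEN
tcp        0      0  10.1.1.5.1521          10.1.1.20.40112         ESTABLISHED
udp        0      0  *.514                  *.*
"""

def parse_listeners(text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        fields = line.split()
        # Header, UDP and non-listening lines are skipped here.
        if len(fields) != 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # "10.1.1.5.1521" -> ("10.1.1.5", "1521"); "*.22" -> ("*", "22")
        addr, _, port = fields[3].rpartition(".")
        if port.isdigit():
            yield addr, int(port)

def audit(text, allowed):
    """Return sorted findings as (port, address, reason) tuples."""
    findings = []
    for addr, port in parse_listeners(text):
        if port not in allowed:
            findings.append((port, addr, "port not in allowlist"))
        elif addr not in allowed[port]:
            # "*" means every interface, including the untrusted LAN
            findings.append((port, addr, "bound outside allowed interface"))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, reason in audit(SAMPLE_NETSTAT, ALLOWED):
        print(f"{addr}:{port}  {reason}")
```

A listener bound to `*` answers on both LAN cards, so on a combined firewall and database box only the packet filter keeps that service off the untrusted side.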