Hey there, I've recently been tasked with helping on a design where teams are going back and forth between security best practice and business-driven requirements. Anyways, I was hoping the community could look at this design as a whole, and see what flaws you could point out. I am new to this network, and this design pre-exists me but is under question. I prefer to err on the side of security and more restrictions, but there is an approved business need for moving data outside of a secure zone with a persistent connection. It is important to note that I could see myself arguing for both sides of this successfully, but I'm here asking for a bit better understanding in the interim.
If you take a look at the attached diagram, we have 3 security zones and 4 interfaces hanging off of a Cisco firewall. In this instance the internal network is to be treated as the untrusted/outside network. We have two application servers that serve data to a database in the DMZ zone; these connections build when the service starts and the connection stays up (persistent). Internal clients from the untrusted network talk to an Apache web server that gets its information from the database server.
There is a business need to have all of the data in the main database also existing on the inside; the requirements expect the data to be real time, so that they can query off of it. There are concerns about persistent connections between the DMZ network and the untrusted network: if the untrusted network was breached, there is a risk that someone could use that connection as a pivot point into the DMZ and then access the secure networks, since there are persistent connections there too.
My background isn't so heavy in security and hacking; I've mostly focused on routing/switching and load balancing in my short 13-year career. What do you guys think after looking at this diagram? The application folks only see that if there is a persistent connection anyway, then why even have a duplicate database, as they see security as just a blockade in their way. The security folks want to mitigate attacks to sensitive data.
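
The following is an added example, not part of the original post: a small audit that checks whether any chain of firewall-permitted connections links the internal (untrusted) zone to the secure zone, for a replica that pulls from the DMZ database versus one the DMZ database pushes to. Host names, zone placement and which side initiates each connection are assumptions, since the diagram is not reproduced here.

```python
from collections import deque

# Constructed model: host names, zone placement and initiators are assumptions.
ZONE = {"client": "internal", "replica": "internal",
        "apache": "dmz", "db": "dmz",
        "app1": "secure", "app2": "secure"}

# Permitted flows as (initiator, responder), one per firewall rule.
BASE_FLOWS = [("client", "apache"), ("apache", "db"),
              ("app1", "db"), ("app2", "db")]
PULL = BASE_FLOWS + [("replica", "db")]   # inside replica opens the session
PUSH = BASE_FLOWS + [("db", "replica")]   # DMZ database opens the session

def shortest_path(flows, src_zone, dst_zone, bidirectional=False):
    """Breadth-first search over permitted flows. Returns the shortest host
    chain from any host in src_zone to any host in dst_zone, or None."""
    adj = {}
    for initiator, responder in flows:
        adj.setdefault(initiator, set()).add(responder)
        if bidirectional:
            # Pessimistic model: an established session is usable both ways.
            adj.setdefault(responder, set()).add(initiator)
    queue = deque([h] for h in sorted(ZONE) if ZONE[h] == src_zone)
    seen = {path[0] for path in queue}
    while queue:
        path = queue.popleft()
        if ZONE[path[-1]] == dst_zone:
            return path
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    for name, flows in (("base", BASE_FLOWS), ("pull", PULL), ("push", PUSH)):
        for both_ways in (False, True):
            print(name, "bidirectional" if both_ways else "initiator-only",
                  shortest_path(flows, "internal", "secure", both_ways))
```

Replacing the constructed flow lists with the rule set exported from the firewall shows which rules create a chain into the secure zone and which model of connection direction that result depends on.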