NYCPHP Meetup

[Mitch Pirtle]

Faber Fedor wrote:

> At the moment, it can't.  I want to open up a teeny-tiny hole on the
> firewall to let the web server in, but I'm very paranoid about people
> breaking in, hence my original question.  
> 
> If I forward Firewall:80 to ProdnServer:80, that will let the web server
> in and everyone else on the Big Bad Internet.  I can use SSH/SSL to
> encrypt the data from the Web Server to the Production Server but I need
> to minimize/remove all acapabilities for the Big Bad Internet to get to
> ProdnServer:80.

No can do.  If one machine can get through, then anyone that can get to 
that machine can get through.  Whatever security/encryption schemes are 
implemented on the webserver are bypassed by compromising the webserver. 
  And once gaining access to the production server, the whole shebang is 
now for the taking.

This, ladies and gentlemen, is an example of what I call the "Armadillo 
Security Model".  Hard on the outside, soft on the inside.  Firewalls 
are perhaps less than 30% of your real risk, but the firewall sales 
pitches have created an entirely inaccurate depiction of the real world.

One possible remedy is to push the data from the production server to 
the webserver, which would protect your internal network at least. 
Unfortunately, you will not be able to protect the data (should the 
webserver become compromised); and your data will no longer be 'real 
time' data.

What is more important to your organization:  your data, your internal 
network, or your website?  Let the suits make this call, and the rest 
becomes academic.

-- Mitch