I have a need to deploy a website for external access. This website will be hitting an Oracle database. The server (W2K3 IIS 6.0) will be on its own DMZ off of a PIX 515E.
I had originally set the requirement for the development team that the server on the DMZ would not be able to initiate connections into the private network. The database server would have to push all updates to the webserver, so the connection originated on the private network. I expect that this will cause some blow-back from the Development team with them stating that other websites allow access from the DMZ into their private network.
There is bound to be a way to securely allow the web server on the DMZ to initiate connections to the db server as needed for webpages and such. I just need to figure out how it's done at a conceptual level for the purpose of setting the design requirements for the web-based application. Details can be worked out later.
To that end I poked around on EE and found some information.
lrmoore, in http://www.experts-exchange.com/Security/Firewalls/Q_21376007.html, stated in response to a similar question:
"Personal opinion - go with the web server on the DMZ and create an IPSEC secpol connection between the web server and the database server, allowing only this encrypted data stream through the PIX from the DMZ to the Inside."
What does that mean?
My concern with allowing the web server to initiate connections into the private network from the DMZ is: what if it gets hacked? The intruder could gain access to the private network. Would the above address that concern? If the web server does get access into the private network, it would be limited to specific ports--probably ODBC or whatever is needed to read and query the db.
How else do people provide this level of security?
I'm also posting a reference question to this one in other areas of EE.
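As an added example (not part of the question above or of the quoted thread), here is what the port-limited DMZ-to-inside design described in the question looks like as a PIX 6.x access list, with the IPsec variant lrmoore refers to shown alongside it. The interface names, addresses and the Oracle listener port 1521 are assumptions.

```cisco
! Assumed addressing (constructed for this example):
!   dmz    192.168.50.0/24, web server 192.168.50.10
!   inside 10.10.10.0/24,   Oracle DB  10.10.10.20
nameif ethernet2 dmz security50
ip address dmz 192.168.50.1 255.255.255.0
ip address inside 10.10.10.1 255.255.255.0

! Identity static so the DB host is reachable from the lower-security
! DMZ interface without address translation.
static (inside,dmz) 10.10.10.20 10.10.10.20 netmask 255.255.255.255

! --- Option A: cleartext, least-privilege ---
! Only the web server, only to the DB host, only the listener port
! (1521 is the Oracle default; assumed here). No other inside host,
! port or protocol is reachable from the DMZ.
access-list dmz_in permit tcp host 192.168.50.10 host 10.10.10.20 eq 1521

! --- Option B: IPsec between web server and DB server ---
! Replace the tcp/1521 line above with these two, so the only traffic
! crossing from DMZ to inside is IKE (udp/500) and ESP (protocol 50)
! between those two hosts. The SQL stream then rides inside ESP and a
! compromised web server still cannot reach anything else inside.
! access-list dmz_in permit udp host 192.168.50.10 host 10.10.10.20 eq 500
! access-list dmz_in permit esp host 192.168.50.10 host 10.10.10.20

! Explicit deny with logging: every other DMZ-originated attempt toward
! the private network is dropped and shows up in the PIX syslog, which is
! the signal to watch for if the web server is ever compromised.
access-list dmz_in deny ip any 10.10.10.0 255.255.255.0 log
access-list dmz_in permit ip any any
access-group dmz_in in interface dmz
```

The trailing permit only matters for DMZ traffic bound for the outside (e.g. replies the PIX already tracks); remove it if the web server should not originate outbound connections at all.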