We are building an intranet using Alfresco on managed servers. We are considering using a private LAN to separate the database onto its own server, which is only accessible via the main internet-facing server. Will this improve security against hacking or any unauthorised access?
-
"Improve security" depends on what kind of threats you're expecting it to face. To use a rather silly example it doesn't matter what VLAN it's in if the building burns down. – Rob Moir Feb 06 '11 at 12:19
-
Security against unauthorized activity as the server will contain confidential information – Mark Feb 06 '11 at 13:47
1 Answer
Your question as it is asked currently is kind of like asking "is a door secure?". There is no real answer to that. If it's unlocked, it's useless. If it's a crappy lock, it's 90% useless and so on.
If the database server is in a VLAN on its own, it's pretty much useless as it cannot communicate with anyone else. If it is in a routed VLAN then it's somewhat more useful.
Just placing a server in a separate VLAN gives you no extra security. Placing a server in a separate VLAN with IP/L4 filtering starts giving you a little security. VLANs are just one tool amongst many that must cooperate to obtain the desired level of security.
Don't forget that in matters of security, the point of failure is almost always the weakest link. This means that if your server is badly configured, no amount of network security will secure it.
If your network currently does not have VLANs, I would suggest putting a software firewall on your DB server and securing the OS/SQL services.

-
Both servers would have a software firewall, but the idea is that the database server would be more secure as it would not have any internet connectivity except via a cable from the internet facing server and would only accept http traffic and no remote access. – Mark Feb 06 '11 at 13:49
-
You can do this with a software firewall on the server or your network's firewall. VLANs don't have much to do with such issues. This is a 2-step process: secure the application, then secure the network flows. VLANs are just a tool that may help the second step. – Antoine Benkemoun Feb 06 '11 at 14:47
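The IP/L4 filtering and host firewall discussed in the answer and comments, sketched as an nftables ruleset for the database server. This is an added example, not part of the original thread. The interface name, the application server address and the database port (PostgreSQL's default) are assumptions to be replaced with your own values.

```nftables
#!/usr/sbin/nft -f
# Host firewall for the database server: default-deny in every direction,
# with one permitted inbound flow from the internet-facing server.
# All three values below are assumed placeholders.

flush ruleset

define LAN_IF     = "eth1"        # NIC on the private LAN (assumed name)
define APP_SERVER = 10.0.20.10    # internet-facing Alfresco server (assumed)
define DB_PORT    = 5432          # PostgreSQL default (assumed DB engine)

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state invalid drop
        ct state established,related accept

        # The only new inbound connection allowed: application server to
        # the database listener, arriving on the private LAN interface.
        iifname $LAN_IF ip saddr $APP_SERVER tcp dport $DB_PORT ct state new accept

        # Everything else falls through to the drop policy. Log a sample
        # so unexpected connection attempts are visible.
        limit rate 10/minute log prefix "db-input-drop: "
    }

    chain forward {
        # The database server is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        # Replies to accepted connections only. The database server cannot
        # initiate connections, so a compromised database process has no
        # direct path out. Add explicit rules here for NTP or package
        # updates if the host needs them.
        ct state established,related accept
    }
}
```

The ruleset permits no remote administration, matching the setup described in the comments, so changes have to be made from the console. The same single allowed flow can be enforced on the network firewall or router between the two segments in addition to the host.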