
I am a complete beginner in the security topic and I know that I should read this, but I have a small question to which I hope there is a short answer.

Let's say I have three components of a web-application 'talking' to each other:

  • a front-end;
  • a database;
  • a storage component.

Each of the components resides on a physically distinct machine which has a connection to the Internet.

How then can a front-end machine connect to the database machine in a secure manner? How can the database machine know it is the front-end machine connecting and not an attacker?

Is there any 'best practice' for connecting two components in a physically distributed system in such a secure manner that only certain components are allowed to access certain other components, while all other sources are prevented from accessing those components?

AviD
You could use two-sided authentication (for example using TLS with client certificates), but I don't see why the backend servers need to be accessible from the internet at all. Probably the best solution would be to put those machines behind some firewall which only allows access from the front-end server. – Niklas B. Mar 05 '12 at 18:36

1 Answer


The standard solution here actually makes use of three tiers, independent of the server, where you have an Internet-facing web tier/server (presentation layer only), then an application tier/server (business logic of your app), and then a database tier/server (storage).

A firewall sits in front of your web server and only allows web (http and/or https) traffic in. Another firewall then sits between your web server and your application server and only allows the protocols necessary for your app to function to pass through, and only from the web server(s). The web server is, in effect, isolated between two firewalls in what we call a DMZ, and the interfaces both from the Internet into the DMZ and from the DMZ into the internal network are tightly controlled so that only expected protocols pass and only to/from expected hosts. But... ONLY the web tier should be accessible from the Internet, and only using the protocols that are necessary (HTTP and/or HTTPS). The application server should not be, and the database and/or storage should ABSOLUTELY not be accessible from the Internet. The idea here is that only the front-end, web tier, should ever be accessible from the Internet... all connections to the application tier should come from the web tier and all connections to the database tier should come from the application tier.

You can make this stronger by deploying mutually-authenticated SSL/TLS between the tiers.

Microsoft has a good write-up on this that is here. It includes a bunch of .NET/ASP stuff, but the general idea is platform-agnostic.
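As an added example, not part of the answer above or of any referenced write-up: an nftables host-firewall ruleset for the database-tier machine that enforces the rule the answer describes, i.e. the database port is reachable only from the application-tier hosts and nothing else is accepted from the network. All addresses and the port number are constructed placeholders (RFC 5737 documentation ranges); substitute your own application-tier and admin addresses.

```nft
#!/usr/sbin/nft -f
# Host firewall for the database-tier machine (three-tier layout).
# The addresses below are constructed placeholders, not real hosts.
flush ruleset

define APP_SERVERS = { 198.51.100.10, 198.51.100.11 }  # application tier only
define ADMIN_HOST  = 203.0.113.5                       # internal jump host for SSH
define DB_PORT     = 5432                              # e.g. PostgreSQL

table inet tierfw {
    chain input {
        # Default-deny: anything not explicitly allowed below is dropped,
        # which includes every packet arriving directly from the Internet.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Weak setting (do NOT use): exposes the database to every source.
        # tcp dport $DB_PORT accept

        # Corrected: new connections to the database port are accepted
        # only when they originate from the application tier.
        tcp dport $DB_PORT ip saddr $APP_SERVERS ct state new accept

        # Administrative access only from the internal jump host, never
        # from the Internet-facing web tier or from the Internet itself.
        tcp dport 22 ip saddr $ADMIN_HOST ct state new accept

        # Log what the policy is about to drop (rate-limited) so probes
        # against the database tier show up in monitoring.
        limit rate 10/second log prefix "db-tier-drop: "
    }

    chain forward {
        # This host is not a router; never forward traffic between tiers.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Because the table is of family `inet` and the accept rules match `ip saddr` only, any IPv6 connection attempts fall through to the drop policy; add explicit `ip6 saddr` rules if the application tier talks to the database over IPv6.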