
I am currently using a server 1 managing incoming traffic from users and a server 2 managing database requests from server 2. Both servers are accessible via Internet. Would IP whitelisting be a sufficient measure of protection to prevent any traffic on server 2 other than incoming from an application running on a server 1?

If not, what are the risks?

2 Answers


IP spoofing only works for incoming UDP traffic. If you need the return trip to work, network-layer IP spoofing doesn't work any more.

While white-listing is a good defence-in-depth strategy and mitigates many attack vectors, some attack vectors still remain, such as a MITM attack.

The traffic between the two servers can still be intercepted and modified (MITM attack). You need to use secure connections like SSL/TLS, IPsec, VPN, etc.

Matrix

As long as there are not any other services that are vulnerable to exploit it should be sufficient. I would personally recommend placing a firewall between server 1 and server 2 to ensure that only server 1 can communicate with server 2, but if that isn't possible, a whitelist and locking down services on server 2 is your next best bet.

AJ Henderson
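Putting both answers together (a source-address allowlist on server 2 plus TLS with client certificates on the server 1 to server 2 link), here is an added illustration that is not from the original thread. The addresses and certificate paths are constructed placeholders; it also shows one allowlist pitfall, a dual-stack listener reporting IPv4 peers as IPv4-mapped IPv6 addresses, which a naive string compare would reject or mishandle.

```python
import ipaddress
import ssl

# Constructed allowlist: only server 1 may reach the database listener on server 2.
# Placeholder addresses, not values from the original question.
ALLOWED_SOURCES = ["203.0.113.10/32", "2001:db8::10/128"]


def normalise_peer(peer_ip: str):
    """Map an IPv4-mapped IPv6 peer (::ffff:a.b.c.d), as seen on a dual-stack
    socket, back to plain IPv4 so it is compared against the same allowlist entry."""
    addr = ipaddress.ip_address(peer_ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_allowed(peer_ip: str, allowlist=ALLOWED_SOURCES) -> bool:
    """Return True only when the connecting peer lies inside an allowed network.
    Malformed input fails closed."""
    try:
        addr = normalise_peer(peer_ip)
    except ValueError:
        return False
    for entry in allowlist:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def make_db_server_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """TLS context for server 2's database listener: it presents its own certificate
    and requires server 1 to present a client certificate signed by the private CA,
    so an intercepted or forged link fails the handshake even from an allowed IP."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


if __name__ == "__main__":
    # Allowlist check on the accepted socket's peer address; TLS wrap follows it.
    for peer in ["203.0.113.10", "::ffff:203.0.113.10", "198.51.100.7", "garbage"]:
        print(peer, "->", "allowed" if is_allowed(peer) else "rejected")
```

The IP check is applied to the accepted connection's peer address before the TLS wrap; the allowlist keeps stray hosts out cheaply, and the client-certificate requirement is what actually binds the session to server 1.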