A Practical Guide to Security Assessments
11. Do the B2C application and the database both reside on the same server
or is there a “tiered” architecture where the application and the database
are on different servers?
Guidance:
Ideally, the database supporting B2C operations should not reside on the
same server as the application, so that risk is easier to manage. Assuming
they are on separate systems, if the B2C Web site is attacked or brought
down, the database is still safe as it resides on another machine. In a typical
architecture, the B2C application is in front of a firewall, which customers
can reach via the Internet, and the database is on a separate server, which
is protected behind the firewall. With this question, you should review the
network topology diagram and determine whether the B2C environment is set
up in a secure manner.
Risk:
The risk of having the database and application on the same server
is that if the server is attacked or brought down, the database and the
application can be compromised, resulting in sensitive information (e.g.,
customer data, credit card information) being exposed or the permanent loss
of information (depending on the backup process).
Client Response:
12. Are there any firewalls deployed to help secure the B2C infrastructure
and are they properly configured?
Guidance:
Part of the B2C infrastructure is a firewall. In many cases, it
might be the only security device in place. A firewall can be very
effective, but only if it is configured properly. Many companies
do not take the time to properly architect the firewall or configure the
rule base. When reviewing the firewalls, you should ask for the rationale
for how the architecture is set up and what justifications were used in
configuring the firewall rule base. Both of these should be documented and, if
not, this information should be readily known by IT or dedicated security
personnel. Based on the risk, it may make sense to review the firewall rule
base in detail and determine whether any changes are required.
Risk:
Incorrect placement of the firewall or a firewall with an incorrectly
configured rule base can result in unauthorized traffic entering the network.
Thus, the B2C system is not protected as intended.
Client Response:
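
For the detailed rule base review suggested in the guidance to question 12, the following is an added example (not from the book) of checks an assessor could run over an exported rule base. The rule format, zone names and sample rules are constructed for illustration; each allow rule is judged on its own, and rule ordering is not evaluated.

```python
"""Review a firewall rule base for the issues questions 11 and 12 raise.
Rule format, zone names and sample rules are constructed assumptions."""
from dataclasses import dataclass

ANY = "any"

@dataclass
class Rule:
    rule_id: int
    src: str                  # source zone
    dst: str                  # destination zone
    port: str                 # destination port or "any"
    action: str               # "allow" or "deny"
    justification: str = ""   # documented business reason, if any

def review(rules, untrusted="internet", db_zone="internal-db"):
    """Return (rule_id, finding) tuples; rule_id 0 means the whole rule base."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        # The guidance expects a documented justification for each rule.
        if not r.justification.strip():
            findings.append((r.rule_id, "no documented justification"))
        if r.port == ANY or r.dst == ANY:
            findings.append((r.rule_id, "overly broad allow (any port or destination)"))
        # Tiered architecture: the Internet reaches only the application tier,
        # never the database server directly.
        if r.src in (untrusted, ANY) and r.dst in (db_zone, ANY):
            findings.append((r.rule_id, "untrusted source can reach database tier"))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and ANY == last.src == last.dst == last.port):
        findings.append((0, "no explicit default-deny rule at end of rule base"))
    return findings

# Constructed sample rule base for a B2C site
SAMPLE = [
    Rule(1, "internet", "dmz-web", "443", "allow", "Customer HTTPS to B2C site"),
    Rule(2, "dmz-web", "internal-db", "1433", "allow", "App tier queries order DB"),
    Rule(3, "internet", "internal-db", "1433", "allow", ""),
    Rule(4, "vendor-vpn", "any", "any", "allow", "Vendor support"),
]

if __name__ == "__main__":
    for rule_id, finding in review(SAMPLE):
        print(f"rule {rule_id}: {finding}")
```

Each finding is a prompt to ask the client for the rationale behind the rule, not proof of a misconfiguration.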