Install a Linux box and use sniffit/Tcpdump/ethereal/etc to sniff and determine what ports it is using, tcp/udp etc.

Robert
> I have a similar setup where a cold fusion server sits in the DMZ
> and the DB server sits on the trusted network. Currently though I have the
> trusted network wide open to the cold fusion server because I can't find
> any information on the ports to lock it down to. The connection is an ODBC
> connection to a foxpro database. Any suggestions?
>
> Ian
>
> At 01:45 PM 1/25/2002 -0500, you wrote:
> >Actually, in most scenarios I've seen the DB server is behind the
> >trusted, and the web server is in the DMZ. This has three benefits:
> >1) There is no direct access to the DB server from the Internet, all
> >access is really through the webserver, which queries the DB server.
> >2) You only need to open the DB ports between the webserver and the DB
> >server. If the DB server was on the DMZ, and the web server was
> >compromised, there's the potential to jump over to the DB server
> >easily.
> >3) Trusted users that need to access the DB server on the programming
> >level don't need to go through the firewall.
> >
> >M. Dante Mercurio, CCNA, MCSE+I, CCSA
> >Consulting Services Manager
> >Continental Consulting Group, LLC
> >
> >www.ccgsecurity.com <http://www.ccgsecurity.com>
> >
> >[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> >
> > > -----Original Message-----
> > > From: Aaron C. Newman (Application Security, Inc.)
> > > [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 24, 2002 1:31 PM
> > > To: Mario Behring; [EMAIL PROTECTED]
> > > Subject: RE: Vulnerability analysis tools
> > >
> > > Mario,
> > >
> > > >- Should I create a DMZ and put this DB server there ?
> > >
> > > Definitely you want your Oracle database behind a firewall.
> > > Even Oracle will tell you the database is not meant to be
> > > exposed to the internet directly. Lots of pretty simple DOS
> > > attacks if you aren't totally patched and even more serious
> > > attacks exist in the external procedure server, listener, and
> > > database instance.
> > >
> > > From the database perspective, you can download a free
> > > evaluation of AppDetective for Oracle from
> > > www.oraclesecurity.net. It does pen testing and va against an
> > > Oracle database. Takes both an inside-out (security from
> > > valid user perspective) and outside-in approach (security
> > > from unauthorized attacker perspective).
> > >
> > > Regards,
> > > Aaron
> > > ____________________________________________
> > > Aaron C. Newman
> > > CTO/Founder
> > > Application Security, Inc.
> > > Tel: 212-490-6022
> > > Fax: 212-490-6456
> > > E-mail: [EMAIL PROTECTED]
> > > Web: http://www.appsecinc.com
> > > - Protection Where it Counts -
> > >
> > > -----Original Message-----
> > > From: Mario Behring [mailto:[EMAIL PROTECTED]]
> > > Sent: 22 January 2002 07:52
> > > To: [EMAIL PROTECTED]
> > > Subject: Vulnerability analysis tools
> > >
> > > Hi list,
> > >
> > > Does anybody know some good tool for testing a small
> > > environment for vulnerabilities ?
> > >
> > > I have the following scenario:
> > >
> > > 1- A web server hosted at an IDC (Internet Data Center)
> > > 2- A router connected to the IDC via a link (T1 or something)
> > > 3- One Microsoft ISA Server running as a firewall with 2
> > > NICs, one connected to the Router described on item 2 and the
> > > other connected to the internal network.
> > > 4- A Database server - Oracle running on Windows 2000 Server
> > > in the internal network. This DB will be accessed by Internet
> > > users that visit the website (located at the web server
> > > described in item 1) depending on the options they choose at
> > > the web page.
> > >
> > > I need to analyse the vulnerabilities in such a scenario and
> > > report them. Is there any tool (freeware or not) that analyse
> > > this scenario from various points of view ?
> > > For instance, I have to analyse this from the perspective of
> > > someone accessing the web page and then accessing the DB server
> > > at the internal network.
> > >
> > > I have some other questions:
> > >
> > > - Should I put a real firewall in place (Firewall-1 or Raptor
> > > for example) instead of this ISA Server ?
> > > - Should I create a DMZ and put this DB server there ?
> > >
> > > Thanks in advance.
> > >
> > > Mario

--
Robert Day
[EMAIL PROTECTED]
[EMAIL PROTECTED]

/////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Every morning in Africa, a Gazelle wakes up. It knows it must run
faster than the slowest lion or it will be killed... Every morning a
Lion wakes up. It knows it must outrun the slowest Gazelle or it will
starve to death. It doesn't matter whether you are a Lion or a
Gazelle... When the sun comes up, you'd better be running.

A computer lets you make more mistakes faster than any other
invention, with the possible exceptions of handguns and Tequila.

"Everything must be working perfectly, cause I don't smell any smoke"

"I haven't lost my mind; it's backed up on tape somewhere."

RIP is irrelevant. Spoofing is futile. Your routes will be aggregated.

"Toto, we're not in Kansas anymore" Dorothy
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\///////////////////////////////////
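
The sniffing approach suggested at the top of this message, carried through as an added example that is not part of the original thread: it reads `tcpdump -nn` text output and lists the services the DMZ web server actually opened on the database server, which is the set of ports a firewall rule between the two would need. The addresses, ports, function names and the generic rule format are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches IPv4 lines as printed by `tcpdump -nn` (numeric hosts and ports).
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")

def service_ports(lines, web, db):
    """Count the (proto, port) services on `db` that `web` initiated traffic to."""
    needed, seen_udp = Counter(), set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, rest = m["src"], m["dst"], m["rest"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if rest.startswith("Flags ["):
            # TCP: only a bare SYN marks the client opening a connection;
            # SYN-ACKs and data segments would misreport ephemeral ports.
            flags = rest[7:rest.index("]")]
            if (src, dst) == (web, db) and flags == "S":
                needed[("tcp", dport)] += 1
        elif rest.startswith("UDP"):
            # UDP has no handshake: treat the first packet of a flow as the request.
            flow = frozenset([(src, sport), (dst, dport)])
            if flow not in seen_udp:
                seen_udp.add(flow)
                if (src, dst) == (web, db):
                    needed[("udp", dport)] += 1
    return needed

def allow_rules(needed, web, db):
    """Render the findings as generic allow lines (not any product's syntax)."""
    return [f"allow {proto} {web} -> {db} port {port}"
            for proto, port in sorted(needed)]

# Constructed capture: 192.0.2.10 stands in for the DMZ web server and
# 198.51.100.20 for the trusted-side DB server; ports are illustrative.
SAMPLE = """\
13:45:01.000100 IP 192.0.2.10.49152 > 198.51.100.20.1521: Flags [S], seq 1000, win 64240, length 0
13:45:01.000300 IP 198.51.100.20.1521 > 192.0.2.10.49152: Flags [S.], seq 2000, ack 1001, win 65160, length 0
13:45:01.000400 IP 192.0.2.10.49152 > 198.51.100.20.1521: Flags [.], ack 1, win 502, length 0
13:45:02.000100 IP 192.0.2.10.49153 > 198.51.100.20.1521: Flags [S], seq 3000, win 64240, length 0
13:45:03.000100 IP 192.0.2.10.40000 > 198.51.100.20.5000: UDP, length 48
13:45:03.000200 IP 198.51.100.20.5000 > 192.0.2.10.40000: UDP, length 64
13:45:04.000100 IP 192.0.2.10.49160 > 203.0.113.5.80: Flags [S], seq 4000, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    found = service_ports(SAMPLE, "192.0.2.10", "198.51.100.20")
    print("\n".join(allow_rules(found, "192.0.2.10", "198.51.100.20")))
```

The result only covers what the application did while the capture was running, so exercise every database-backed page before turning the list into firewall rules.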
