Hi all,

What are the issues involved in securing an RDBMS that is serving a web server in a DMZ? The RDBMS is PostgreSQL, the OS is Linux, and the web server is Apache. The application is a CRM; customer registration/editing is the main part that interacts with the web. The rest of the CRM application works in the Green subnet protected by an iptables firewall, specifically IPCop v. 1.3 presently.

Should I bifurcate the DB and put the registration part in the DMZ, or should I put a copy of the registration part in the DMZ and sync it periodically with the main DB? Or should I keep the full DB on the Green network and create a pinhole to access the RDBMS from the Green subnet, maybe in some kind of ssh tunnel? Any other ideas unknown to me that may be workable?

Can someone point me to resources that discuss these issues? Also, I would like the experienced people to please comment on the pros & cons of various methodologies and pointers to security literature/checklists for web-server/RDBMS security issues, especially on a shoestring budget with netfilter, Linux & other open source tools. Please touch on various subjects like monitoring, recovery etc., so as to give me a broad idea of the scope of my research and pointers to resources.

With best regards and thanks in advance.

Sanjay.