
Re: Security Concerns


On Thu, 2008-11-06 at 14:52 +0000, David Hurcomb wrote:
> Hello,
> 
> I am running Squid on a Linux box which is also hosting a customer
> database (Oracle).
> 
> I am concerned that by having the Proxy server on the same box as the
> database that I am introducing an increased security risk. 
> 
> e.g. an exploit in squid might mean that a hacker is able to gain access
> to my customer database.
> 
> Assuming that my network is locked down so that the (external router)
> firewall has blocked all WAN->LAN traffic to our network on all ports am
> I correct in assuming that....
> 
> The only weakness is from a security exploit to squid being initiated
> from inside our network.
> 
> The network user might potentially be duped to go to a boobytrapped web
> page which has the potential to exploit a security weakness in squid itself.
> 
> Thanks in advance for your answers, I would like to be able to sleep
> soundly that my proxy server is not a security risk to my data.

You did not ask any questions. In general, you are correct that adding
applications to a server increases your security risks. Hopefully, the
benefits of those applications outweigh the risks.

In Squid's case, you can (and should) mitigate some of the risks by
running Squid using a non-privileged user account which is different
from the database user account. If Squid is compromised and Linux is
not, you may lose connectivity but not the database.

HTH,

Alex.
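
One way to check the account separation recommended in the reply above, as an added example that is not part of the original message. `cache_effective_user` is the squid.conf directive naming the account Squid switches to when started as root; the database account name `oracle`, the function names, and the sample config are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the account squid.conf tells Squid to run as.
# cache_effective_user names the account Squid switches to when started as root.

# Print the last cache_effective_user value in the file (comment lines are skipped
# because their first field is not the bare directive name).
squid_effective_user() {
    awk '$1 == "cache_effective_user" { u = $2 } END { if (u != "") print u }' "$1"
}

# audit_squid_user CONF DB_USER
# Returns 0 = separate unprivileged account, 1 = root, 2 = shared with the
# database account, 3 = directive not set in this file.
audit_squid_user() {
    conf=$1; db_user=$2
    user=$(squid_effective_user "$conf")
    if [ -z "$user" ]; then
        echo "UNSET: no cache_effective_user in $conf; check the build default"
        return 3
    fi
    # Resolve the UID when the account exists locally, to catch root aliases.
    uid=$(id -u "$user" 2>/dev/null || true)
    if [ "$user" = "root" ] || [ "$uid" = "0" ]; then
        echo "FAIL: Squid would keep root privileges ($user)"
        return 1
    fi
    if [ "$user" = "$db_user" ]; then
        echo "FAIL: Squid shares the database account ($user)"
        return 2
    fi
    echo "OK: Squid runs as $user, database runs as $db_user"
    return 0
}

# Constructed sample config, not taken from the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
http_port 3128
# cache_effective_user root
cache_effective_user squid
cache_effective_group squid
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
audit_squid_user "$tmp" oracle || true   # "oracle" is an assumed account name
rm -f "$tmp"
```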
