Does a DMZ make sense?

Started by 150d, March 27, 2026, 11:30:58 PM

That was not primarily directed at you. We are basically on the same side.

Sometimes even an application redesign is a perfectly applicable solution. For example in a large web portal we implemented user authentication and role based access. So far so good. The user data itself came from SAP R3 and was considered highly critical.

So instead of copying the user records into the web portal database, where any remote code execution (which happens from time to time in web applications implemented in PHP/MySQL/etc.) would have easily led to a "select * from users;" by the attacker, we implemented an authentication service run on a different machine located in a different zone, exposing only an API of our own design. That API did not have any "enumeration" function but only allowed for authentication and requesting additional data of a single user, which the client (the web portal in this scenario) needed to provide in advance.

It remains difficult and requires skills and experience. That's why I am not dreading to be replaced by AI.

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
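The design Patrick describes above (portal in one zone, authentication service in another, an API with no enumeration call) can be sketched as a small working model. This is an added example, not code from the thread or from any of the systems mentioned; the in-memory directory stands in for the SAP-backed user store, the service names and the portal's sessions table are assumptions, and all sample users and passwords are constructed.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3
from typing import Optional

# --- authentication service side (separate zone) ---------------------------

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Dummy values so a lookup miss costs the same as a real verification;
# otherwise response time would reveal which usernames exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("unused", _DUMMY_SALT)

def make_sample_directory() -> dict:
    """Constructed stand-in for the critical user store. Only password
    hashes are kept, and the store never leaves this zone."""
    users = {}
    for name, password, role, display in [
        ("alice", "correct horse battery", "admin", "Alice Example"),
        ("bob", "hunter2", "user", "Bob Example"),
    ]:
        salt = os.urandom(16)
        users[name] = {"salt": salt, "hash": _hash_password(password, salt),
                       "role": role, "display_name": display}
    return users

class AuthService:
    """Exposes exactly two operations; there is no way to list or search."""

    def __init__(self, directory: dict):
        self._users = directory

    def authenticate(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        salt = record["salt"] if record else _DUMMY_SALT
        expected = record["hash"] if record else _DUMMY_HASH
        match = hmac.compare_digest(_hash_password(password, salt), expected)
        return match and record is not None

    def get_user(self, username: str) -> Optional[dict]:
        # The caller must already know the username; only non-credential
        # attributes of that one user are returned.
        record = self._users.get(username)
        if record is None:
            return None
        return {"username": username, "role": record["role"],
                "display_name": record["display_name"]}

def handle_request(service: AuthService, request: dict) -> dict:
    """Dispatch one API request. Anything but the two allowed operations is
    rejected, so a compromised portal cannot ask for 'all users'."""
    op = request.get("op")
    username = request.get("username", "")
    if op == "authenticate":
        return {"ok": service.authenticate(username, request.get("password", ""))}
    if op == "get_user":
        data = service.get_user(username)
        return {"ok": data is not None, "data": data}
    return {"ok": False, "error": "unsupported operation"}

# --- web portal side (the exposed zone) ------------------------------------

def new_portal_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT, role TEXT)")
    return db

def portal_login(service: AuthService, db: sqlite3.Connection,
                 username: str, password: str) -> Optional[str]:
    req = {"op": "authenticate", "username": username, "password": password}
    if not handle_request(service, req)["ok"]:
        return None
    user = handle_request(service, {"op": "get_user", "username": username})["data"]
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (token, user["username"], user["role"]))
    db.commit()
    return token

def dump_portal_db(db: sqlite3.Connection) -> list:
    """What 'select * ...' on the portal database yields after a compromise:
    only the sessions of users who actually logged in, and no credentials."""
    return db.execute("SELECT username, role FROM sessions ORDER BY username").fetchall()

if __name__ == "__main__":
    svc = AuthService(make_sample_directory())
    db = new_portal_db()
    print("login alice:", portal_login(svc, db, "alice", "correct horse battery") is not None)
    print("list_users:", handle_request(svc, {"op": "list_users"}))
    print("portal db:", dump_portal_db(db))
```

The point the model makes is the one in the post: a `select * from users;` on the portal side returns at most the rows of users who logged in, with their role, while the directory itself, including every password hash, stays behind an API that has no operation capable of returning it.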

Quote from: Patrick M. Hausen on March 30, 2026, 04:44:31 PM
It remains difficult and requires skills and experience. That's why I am not dreading to be replaced by AI.

Wise words, Patrick - and you are right.
 
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 450 up, Bufferbloat A+