[squid-users] Security Concerns

From: David Hurcomb <david.hurcomb_at_mpfs.org.uk>
Date: Thu, 06 Nov 2008 14:52:56 +0000

Hello,

I am running Squid on a Linux box which is also hosting a customer
database (Oracle).

I am concerned that by having the Proxy server on the same box as the
database that I am introducing an increased security risk.

e.g. an exploit in squid might mean that a hacker is able to gain access
to my customer database.

Assuming that my network is locked down so that the (external router)
firewall has blocked all WAN->LAN traffic to our network on all ports am
I correct in assuming that....

The only weakness is from an security exploit to squid being initiated
from inside our network.

The network user might potentially be duped to go to a boobytrapped web
page which has the potential to exploit a security weakness in squid itself.

Thanks in advance for your answers, I would like to be able to sleep
soundly that my proxy server is not a security risk to my data.

-- 
*David Hurcomb*
IT Manager
Metropolitan Police Friendly Society Ltd. (MPFS)
Tel: 01689 891454
Fax: 01689 891455
Registered Address: Berwick House, 8/10 Knoll Rise, Orpington, Kent. BR6
OEL
MPFS is authorised and regulated by the Financial Services Authority
(Reg. No. 110026)
Incorporated under the Friendly Societies Act 1992 and Registered in the
UK No. 496F
Received on Thu Nov 06 2008 - 14:53:07 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 06 2008 - 12:00:03 MST