Can Back-end Database Servers Access The Internet?

Many Back-end “Golden Goose Servers” Connect to the Internet.

The term Golden Goose Server applies to devices containing highly sensitive information – financial, health or your most guarded secrets. Protected by firewalls? Maybe, until they’re not, which happens far too often.

Back-end database servers and most similar servers do not need to connect to the Internet. Web servers are user facing; databases and other back-end servers sit behind the Web server. The Web server gathers data from the back-end server, but users rarely need to connect to the back-end server. Why might a key database or other back-end server connect to the Internet? Operating system or software updates? Updates are initiated by the server “from inside the firewall”, which allows it to connect. (That’s a common protection method: devices on the inside of the firewall can connect going out, but those outside the firewall cannot initiate a connection coming into the firewall.) Purportedly, nothing can come into the server because the firewall protects it from sessions initiated from outside the firewall on the Internet.

And what if that same server gets infected with a Trojan virus?

It’s going to connect outside to the Internet and lay its precious golden egg data right where the hacker code directs on the Internet.

If the Golden Goose is allowed to connect, it can potentially connect to the wrong device.
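
An egress audit for the situation described above, added here as an example and not part of the original page or of any Golden Goose Security product: it reads firewall connection records and flags every session a protected back-end server opened to anything other than its internal update server. The addresses, the allow-list, the internal range and the four-field log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumed values for illustration only; none of these come from the page.
GOLDEN_GOOSE = {"10.20.0.5"}                         # protected back-end server(s)
ALLOWED_DESTS = {("10.20.0.50", 443)}                # internal update server only
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # what counts as "inside"

# Constructed firewall records: timestamp, source, destination, destination port.
SAMPLE_LOG = """\
2024-01-01T02:00:01Z 10.20.0.5 10.20.0.50 443
2024-01-01T02:13:44Z 10.20.0.5 203.0.113.77 443
2024-01-01T02:14:02Z 10.20.0.10 198.51.100.9 80
2024-01-01T02:15:10Z 10.20.0.5 10.20.0.50 22
malformed line
"""

def audit_egress(log_text):
    """Return (time, src, dst, port, scope) for each connection a protected
    server initiated to a destination that is not on the allow-list."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # record does not match the assumed format
        ts, src, dst, dport = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue                      # unparseable address or port
        if src not in GOLDEN_GOOSE:
            continue                      # only protected servers are audited
        if (dst, port) in ALLOWED_DESTS:
            continue                      # expected update traffic
        # Sessions to internal hosts are reported too, not only Internet ones.
        inside = any(dst_ip in net for net in INTERNAL_NETS)
        findings.append((ts, src, dst, port, "internal" if inside else "internet"))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_LOG):
        print("unexpected outbound session:", finding)
```
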

What if you a.) don’t want your Golden Goose Server to ever connect to the Internet, b.) don’t want it to connect to internal users, and c.) don’t want it to be able to connect to any of these devices even if your firewall is compromised or misconfigured? That’s when Hop Sphere Radius Security is applied. Even if an internal user has security credentials, Hop Sphere Radius Security won’t allow access to the device – it cannot connect and won’t provide a login prompt.

Many of the most recent Biggest Security Breaches could not have been completed in the way described had Hop Sphere Radius Security been applied. That’s a pretty big claim. Perhaps it’s worth investigating?

There are many good reasons to limit your Golden Goose from “sticking its neck out” on the Internet. Here are the Biggest:

Here are more good reasons you don’t need to connect the Golden Goose to the Internet.

1.) It doesn’t need to. Update from hardened internal servers that themselves are not connected to the Internet. Get updates downloaded from other hardened systems, scan vigorously and then place on the internal data center update server. Update from internal servers, not the Internet.  The cost of an internal update system is cheap in light of cleanup and organizational public image associated with a security breach.

2.) It’s dangerous. Connecting any machine to the Internet must be carefully weighed, with many architectural protective steps taken first and continuous monitoring afterwards. Some organizations have rooms full of security analysts going over every connection your desktops or servers make on the Internet. They use expensive leading edge security tools and work 24/7 examining every connection made. With Hop Sphere Radius Security applied to reduce 100% global Internet access down to under 1% access, those security analysts and the systems they use no longer have to deal with real and nuisance attacks from around the world, giving them more bandwidth to concentrate on the real attacks within the Hop Sphere Radius limits specifically appropriate for each Golden Goose Server.

3.) It’s expensive. Not limiting the Golden Goose Server from the Internet or reducing its Hop Sphere Radius will cost more than the proactive measures, and it’s embarrassing. Ask NSA, Target, Anthem, EBay, Chase among others. Proactive and Hop Sphere Radius Security costs are lower than breach cleanup costs.

Talk with us today.  Visit Golden Goose Security
