What type of security problems are mitigated by this .NET architecture?

Posted by Jonno on Server Fault See other posts from Server Fault or by Jonno
Published on 2010-06-16T12:54:23Z Indexed on 2010/06/16 13:13 UTC
Read the original article Hit count: 245

Filed under:
|
|
|

Given the following physical layout for a .NET web application:

  1. DB (sql server, windows) - No public route (no table access, only stored procs)

  2. Web Service DAL (iis, windows) - No public route (can be accessed by web server via port 80 and 443)

  3. Web Server (iis, windows) - Public route (only via port 80 and 443)

What type(s) / examples of attack could be used to compromise the public web server but would be blocked by the Web Service DAL? i.e. can you think of concrete attack types that the DAL stops?

Please note, I am interested only in the security aspect, not scaling / fault tolerance / performance / etc.

In my mind if the web server has been compromised using an attack over port 80/443, then the same attack would work over port 80/443 to the Web Service DAL box.

© Server Fault or respective owner

Related posts about .NET

Related posts about ASP.NET