September 6, 2006

Application Routing


I’ve been instructed at work to find out about “Application Routing” and how using application routing might help us with some issues we are having. The problem is that all we can find about application routing seems to be theory and absolutely zero practical use examples.

I’m looking a little bit at Microsoft’s ISA 2006 product, but, to be bluntly honest, trusting my network security to Microsoft scares me.

Has anyone out there done anything with application routing? I’d love to hear an opinion from someone who actually knows something about the concept.


4 Comments on Application Routing

September 7, 2006

Shane Kenny @ 9:18 am:

Would BitTorrent classify as application routing? Seems to me that distributing applications to anyone that wants to download them could also be called “routing”.

Ron @ 9:43 am:

I guess I should have specified exactly what I’m talking about. I’ll give it a shot here (though, honestly, I’m not really sure I know exactly what I’m talking about).

Situation:
You have a web server on a DMZ that is exposed to the internet. You have a SQL Server on an inside network. You need to query the SQL server, but traditional firewall rules prohibit that traffic (from an untrusted network into a trusted network).

The concept of application routing would be to replace the firewall with an “Application Router” of some sort that would require authentication by the user to allow the traffic to pass through to the inside network. Basically you allow the traffic on the network layer and then let the applications determine yes/no if the traffic can flow.

September 13, 2006

Chris Brooks @ 12:05 am:

Hey Ron! Long time bro. Hope the family is well! Was taking a break from study and was checking my links. Haven't been here in a while but nice to see your site still kickin'. We have a Linux Users group here in Lake Charles and I have heard this mentioned although we didn't really go into it. I'm assuming that you're talking about UNIX boxes.

Just a thought, you know a lot more than I do but maybe perhaps this may spark an idea like the STFU server LOL.

Seems to me that using “Application Router” with user authentication to replace the firewall would open a host of other security issues. Maybe not but I don't know your network layout. Would it be possible to open some obscure port # in the router/firewall so that the web server and SQL server could talk to one another through that port? Each server would “Listen” on that port. Then config the Hosts allow/deny to close that port to users that don't have a userid and pass? Any port scan would show that port open I think but no one other than real users could get through if it's done right. Dunno if I'm making much sense but I know what I'm trying to say LOL. If it wouldn't work this way and if what I said makes any sense LOL would love to hear why. Love to learn!

Take care,
Chris

Ron @ 1:16 pm:

Hey Chris. It’s been a while…

We’re not looking specifically at one operating system on this. The manager is a total MS loving freak, so there’ll be plenty of Windows involved.

We have found what you mentioned to be true - that abandoning security at the network and port layer in exchange for security at the application layer opens up a world of insecurity.

The path I’m looking at now is some sort of a reverse proxy in my DMZ that can talk to the web server on the inside. That way the web server could talk to the SQL server freely.

I’m still not 100% sure I’m crazy about that, but it’s much better than putting a Windows server in place of a Cisco firewall.
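The two designs discussed in this thread (allow DMZ-to-inside traffic at the network layer and let the applications decide, versus a reverse proxy in the DMZ as the only host permitted to reach the inside web server) can be compared by evaluating the same set of flows against each rule set. The following is an added example, not code from the original post or any of the commenters; the addresses, ports and host names are constructed, and the rule evaluator is a minimal first-match, default-deny model of a stateful firewall, not any particular vendor's product.

```python
"""Compare the network-layer reach of two DMZ designs (added example).

Design A ("application router"): the firewall allows DMZ -> inside at the
network layer and relies on application-level authentication to say yes/no.
Design B ("reverse proxy"): only the DMZ reverse proxy may reach the inside
web server (443), and only the inside web server may reach SQL (1433).
All addresses, ports and hosts below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str              # source CIDR or single host
    dst: str              # destination CIDR or single host
    dport: Optional[int]  # None = any destination port
    action: str           # "allow" or "deny"


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"


# Constructed topology (hypothetical addresses)
DMZ = "192.0.2.0/24"
INSIDE = "10.0.0.0/24"
PROXY = "192.0.2.10"        # design B: reverse proxy in the DMZ
DMZ_WEB = "192.0.2.20"      # design A: web server exposed in the DMZ
INSIDE_WEB = "10.0.0.20"    # design B: web server moved to the inside network
SQL = "10.0.0.30"           # SQL Server on the inside network
RDP_HOST = "10.0.0.40"      # some other inside host, to show collateral reach

# Design A: "allow the traffic on the network layer, let the applications decide"
DESIGN_A = [Rule(DMZ, INSIDE, None, "allow")]

# Design B: proxy -> web on 443 only; web -> SQL on 1433 only; everything else denied
DESIGN_B = [
    Rule(PROXY, INSIDE_WEB, 443, "allow"),
    Rule(INSIDE_WEB, SQL, 1433, "allow"),
]

# Inside services we care about (host, port)
TARGETS = [(INSIDE_WEB, 443), (SQL, 1433), (RDP_HOST, 3389)]


def reachable_inside_services(rules: List[Rule], from_ip: str,
                              targets: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Inside services a host at from_ip can reach at the network layer.

    Used here to model a compromised DMZ host: whatever this returns is what
    the attacker can talk to before any application-level authentication runs.
    """
    return sorted((host, port) for host, port in targets
                  if evaluate(rules, from_ip, host, port) == "allow")


if __name__ == "__main__":
    print("Design A, compromised DMZ web server reaches:",
          reachable_inside_services(DESIGN_A, DMZ_WEB, TARGETS))
    print("Design B, compromised DMZ proxy reaches:",
          reachable_inside_services(DESIGN_B, PROXY, TARGETS))
    print("Design B, other DMZ host reaches:",
          reachable_inside_services(DESIGN_B, "192.0.2.99", TARGETS))
    print("Design B, web -> SQL:", evaluate(DESIGN_B, INSIDE_WEB, SQL, 1433))
```

Running the block shows the point made in the thread: under design A a compromised DMZ web server has network-layer reach to every inside service, so the only thing standing between it and SQL Server is the application's own authentication; under design B a compromised proxy reaches the inside web server on 443 and nothing else, the SQL port is reachable only from the inside web server, and the rule set is small enough to audit by reading it.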
