[SATLUG] web server and database
Hector Bojorquez
hbojorquez at satx.rr.com
Thu May 6 21:52:52 CDT 2004
OKAY
so the web server is outside a LAN (which is protected) and the web server itself is protected (a firewall blocking all but port 80-- NO ftp access from anywhere except maybe from inside the LAN- NO traffic from outside)...
The database exists inside the LAN-- Traffic is allowed ONLY from the web server...
Is that copacetic?
BTW
Thanks for all the responses.
> The purpose of a DMZ is to protect the rest of your environment from an
> inherently insecure portion of that environment. If it CAN be secured, it
> should be. If it's an anonymous FTP server (just an example), put it outside
> the firewall and cut off the FTP server's access to everything else with a
> good ruleset. A web server should almost always be secured. Especially if it
> has to maintain a connection to a database. (Opening up 1433 or 3306 through
> the firewall is bad news.)
>
> -jadams
>
More information about the Satlug
mailing list