RE: Secure Network Design (DMZ, LAN, etc)
From: Jef Feltman (feltman@pacbell.net)
Date: 08/22/02
Date: Thu, 22 Aug 2002 14:05:38 -0700
From: Jef Feltman <feltman@pacbell.net>
To: security-basics@securityfocus.com
There should be no problems with a switch and VLAN. A better choice would be
the 2 NICs in each server and a private network behind the servers with the
database connected.

There are a couple of solutions for getting access to the database. The
easiest is to add another NIC and connect it to your inside network. Do not
give the database a default gateway; that will prevent any packets from
getting outside your private network, only allowing access to servers and
wherever else you plugged it to.

jef
-----Original Message-----
From: booth monkey [mailto:boothmonkey@hotmail.com]
Sent: Tuesday, August 20, 2002 9:21 AM
To: tshoemaker@deltadentaltn.com; danielrm26@hotmail.com;
matthew@devney.net
Cc: security-basics@securityfocus.com
Subject: RE: Secure Network Design (DMZ, LAN, etc)
Perhaps there was some confusion from my diagrams...
I realize that this wasn't very clear but what I intended to illustrate was
that the web servers would in fact have 2 NICs each, one on the
192.168.1.0/24 network (for the load-balancer) and another one on the
10.10.10.0/24 (for talking to the databases). I've used this setup before
with no trouble (even through a shared switch with VLAN support).
Any thoughts on the IPTables vs. a commercial firewall thing?
BM.
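
The no-default-gateway setup described in the reply above can be verified from the database host's routing table. The following is an added example, not code from either poster, that audits constructed `ip -4 route show` output; the 172.16.5.0/24 inside network, the interface names and the host addresses are assumptions.

```python
import ipaddress

# Networks the database host is meant to reach: the 10.10.10.0/24 back end
# from the thread plus an inside network (172.16.5.0/24 is an assumed range).
ALLOWED = ["10.10.10.0/24", "172.16.5.0/24"]

# Constructed `ip -4 route show` output for the database host: two NICs,
# connected routes only, no default gateway.
DB_ROUTES = """\
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.20
172.16.5.0/24 dev eth1 proto kernel scope link src 172.16.5.20
"""

# The same host after a gateway has been added (constructed misconfiguration).
DB_ROUTES_WITH_GW = "default via 172.16.5.1 dev eth1\n" + DB_ROUTES

SKIP = ("unreachable", "blackhole", "prohibit", "broadcast", "local")


def parse_routes(text):
    """Return (network, gateway or None, device) for each unicast route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in SKIP:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((net, gw, dev))
    return routes


def lookup(routes, addr):
    """Longest-prefix match; None means the host has no route to addr."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def audit(text, allowed=ALLOWED):
    """Report every route that reaches beyond the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    return [f"{net} via {gw or 'on-link'} dev {dev}"
            for net, gw, dev in parse_routes(text)
            if not any(net.subnet_of(a) for a in nets)]
```

Without a default route the host has no path to off-subnet destinations, but machines on the directly attached networks can still reach it, so filtering on those segments still matters.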