Re: DMZ traffic (was Please help ! need to check IIS volunrabilities.)
miguel.dilaj_at_pharma.novartis.com
Date: 11/28/04
- Previous message: Keith Bucknall: "RE: "Secure" Web Hosting?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Sun, 28 Nov 2004 20:48:55 +0100
Hi!
Well, what comes to mind is putting the DB in the DMZ (or in another DMZ
with other restrictions, if needed) and allowing the clients in the LAN to
connect to it for updates, etc.
I mentioned that connections starting from the DMZ to the LAN must be
forbidden, but the opposite can be allowed of course!
The fact that the DB is in a minicomputer doesn't affect where you want to
put it in the network, you don't need to have 2 and synchronize, just put
it in the proper place for the use it's intended (and have backups ;-)
Cheers,
Miguel Dilaj (Nekromancer)
<sf_mail_sbm@yahoo.com>
26/11/2004 15:03
To: security-basics@securityfocus.com
cc: (bcc: Miguel Dilaj/PH/Novartis)
Subject: Re: DMZ traffic (was Please help ! need to check IIS volunrabilities.)
>>5) Is the configuration of the DMZ "watertight"? (In particular:
>>connections STARTING in the DMZ must be forbidden).
>
>How would you prevent this in a case were a webserver needs to access a
production db in the Internal network for >queries/updates?
>
>You might propose to use another db in the DMZ, and perform regular
synchronisations - but what if the db is >being held on a minicomputer
(cost issue))?
- Previous message: Keith Bucknall: "RE: "Secure" Web Hosting?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
