Re: securing a database from DMZ traffic



In article <1184938705.421349.96740@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
crussell18@xxxxxxxxx says...
We are in the process of creating a DMZ for our web servers. Currently
our web servers have sit on our internal network. Moving the web
servers to a DMZ is the easy part, but what I am not sure about is how
to secure our database. I do not want it to sit the database on the
DMZ, but I also do not want to allow my DMZ to access the internal
network to hit the database. Does any one have a suggestion that i can
lookinto.
We have a Cisco ASA5510 firewall and muliple Cisco 3560g switches. Any
suggestions would be appreciated

A typical database/web layout has the database servers in the LAN with
the Web Servers in the DMZ. You open the port(s) needed for database
communications between the Web Servers and the Database servers through
the firewall DMZ>LAN, and only to those IP/Ports. You do not use Windows
Authentication in your database/web application, you would use SQL
Authentication.

If you network is based on Microsoft platforms you want to make sure
that your web servers are NOT part of your active directory structure
and that you only open the Database communication ports from the web
servers to them.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.



Relevant Pages

  • Re: One domain controller for several dmzs
    ... DMZ for Windows network traffic. ... > servers into a different network that the web servers. ...
    (microsoft.public.windows.server.active_directory)
  • re: Need Help With Frontpage 2000 and Linking to Databases on another server.
    ... make sure that both Web servers *and* the file ... permissions on the file share that contains the database. ... Microsoft FrontPage MVP ... servers, lets call it web1 and the other web2, So what is ...
    (microsoft.public.frontpage.client)
  • Re: automated birthday alert webpart
    ... Do you have any web servers available that you could be a asp.net page? ... > file to register my customized web parts (.dwp files) as safe. ... >> to have a copy of the database. ... >>>i want to add my customized automated birthday alert webpart which will ...
    (microsoft.public.sharepoint.portalserver)
  • Re: balancing connections - any idea ?
    ... The other day there was a discussion about "load balancing" web servers ... while there are solutions for the activity that *reads* from the database, ... to peer transactional replication splitting connections and replicating ...
    (microsoft.public.sqlserver.server)
  • Re: Speed between database and apps server
    ... Three indentical 10g Application Web Servers with the same J2EE app are ... the connection betwween the apps servers and the database. ... If it actually is the network that's the bottleneck, ...
    (comp.databases.oracle.server)