Re: IIS on DMZ
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 17 Jan 2008 17:27:18 +1100
"tony" <tony@xxxxxxx> wrote in message news:ey83dsKWIHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
what i mean is expose port 80 and 443 to the public. Is it safe.
Safe against what, exactly? Nuclear bomb? no.
Lots of companies run IIS 6.0 and have public websites. Like Microsoft.com. So, the mere fact of exposing 80 and 443 doesn't automatically make you insecure.
and would having front end apache proxies in front of the IIS 6 servers be an additional layer of security?
What are these proxies doing? if they are just proxying requests verbatim they are adding no security at all. Are these proxies doing some kind of filtering? If not, you have gained nothing except additional administrative overhead.
But there is no such thing as "perfectly secure". There is only "less secure" and "more secure" (i.e. degress of security). Additionally you can be secure against a particular threat, but completely open to some other threat. You need to work out what your security threats are.
Cheers
Ken
I am trying to convince management to take the linux web proxies out and open port 80/443 on the IIs servers instead
"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message news:uAbeZcKWIHA.5396@xxxxxxxxxxxxxxxxxxxxxxxSecure against what?
Cheers
Ken
"tony" <tony@xxxxxxx> wrote in message news:%23ayaauAWIHA.4696@xxxxxxxxxxxxxxxxxxxxxxxhow secure is it to have IIS 6 on dmz? do i need to be using apache web proxy at all?
.
- Follow-Ups:
- Re: IIS on DMZ
- From: tony
- Re: IIS on DMZ
- References:
- IIS on DMZ
- From: tony
- Re: IIS on DMZ
- From: Ken Schaefer
- Re: IIS on DMZ
- From: tony
- IIS on DMZ
- Prev by Date: Re: IIS on DMZ
- Next by Date: RE: Access to Site Via WindowsMobile 2006 - Keeps asking for Passw
- Previous by thread: Re: IIS on DMZ
- Next by thread: Re: IIS on DMZ
- Index(es):
Relevant Pages
|
