Re: To DMZ or not DMZ

From: John Bell (jbellnewsposts_at_hotmail.com)
Date: 12/23/04


Date: Thu, 23 Dec 2004 08:09:54 -0000

Hi

What is not clear from your post is if the data on each of your systems will
be different. If there is no difference then you are not gaining anything by
having separate systems. Regardless of whether you have a second system
you should be locking down IIS and your database to stop intrusion as it is
internet facing. If you don't lock it down then all your systems and the
data on them are vulnerable.

A starting point would be to run MBSA on all your servers
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod112.asp

John

"Peter Kaufman" <pmkdatabase_at_yahoo_dot_ca> wrote in message
news:8hlks0pfcm5svoseefass0b3srkreutgnq@4ax.com...
> Hi John,
>
> I am just worried that while I have a firewall in place, perhaps that
> is not good enough, especially as soon we will have an ADSL connection
> with fixed IP whereas now it is dialup using dynamic DNS. I know some
> fairly knowledgeable bad guys are trying to hack me.
>
> The link you provided does suggest a firewall but there is no mention
> of DMZ - I think I will leave it alone.
>
> Regards,
>
> Peter
>
> On Wed, 22 Dec 2004 15:33:42 -0000, "John Bell"
> <jbellnewsposts@hotmail.com> wrote:
>
>>Hi
>>
>>I am not sure why you wish to change the current configuration if it is
>>already accessed from inside and outside?
>>
>>You may want to look at the best practices described at
>>http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec04.mspx
>>
>>John
>>
>>"Peter Kaufman" <pmkdatabase_at_yahoo_dot_ca> wrote in message
>>news:me4is01h9f3qbm3d10g7k2r73fir3551vo@4ax.com...
>>> Hi,
>>>
>>> I have an sql database that is accessed both from Intranet and a few
>>> users on the Internet. I am having a hard time deciding whether to put
>>> the database server on a DMZ and set up a second one for internal
>>> usage or just continue on with the server behind a good firewall but
>>> on the LAN, and a member of the internal domain.
>>>
>>> It is going to be a hassle (and expensive) to use two SQL servers for
>>> this - not only will I have to keep them synced, now the outside users
>>> authenticate with AD user names/passwords.
>>>
>>> What would you guys do?
>>>
>>> Thanks,
>>>
>>> Peter
>>>
>>
>


