my whole company and customer info/credit cards on the internet

I've been searching for a new ERP solution for my company for a while, and I
think I've finally found the best one for us. But now I'm being cautioned
about some things, so I need some good arguments about how I should set up the
database server.

The application is written in .NET; it is an N-tiered application (I guess
that's what it's called), and it also has a tightly integrated commerce site.
The system was designed to work best with the app DB and commerce DB on the
same SQL Server. Desktop clients can connect over the internet if that
server isn't on the LAN, and the website can even connect to the LAN, but this
obviously wouldn't work because we're only using DSL here.

I've been cautioned that I shouldn't have internet access on my database
server. I somewhat understand the reasoning for this, but to me it seems most
data is about as secure as the applications that access it in the first
place. So even if I had a state-of-the-art network in place, a security flaw
in the app could screw me over regardless.

What is good business security practice for handling/storing sensitive
customer information on the internet, and what is overkill/paranoia? This is
a serious question, so I'd appreciate not being mocked.

I'm not a DBA, so maybe I'm a little off on my terms; feel free to correct me
where I'm wrong. But it seems to me that if I didn't use the same DB server
for both the website and the main system, I'd have a lot of extra work, like
replicating web data to a web-enabled SQL Server in our office and from the
"live server" on our LAN and then back again.

Thanks in advance for your advice/criticism/suggestions.
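The poster's point that "data is about as secure as the applications that access it" is exactly why the two applications sharing one SQL Server should not share one login. Below is an added example (editor's illustration, not code from the original post or from the ERP product) of the least-privilege split a DBA would set up: one login for the commerce website, one for the ERP desktop application, each mapped only into the database(s) it needs and only with data-access roles, never db_owner or sysadmin. All names are hypothetical assumptions: the ERP database is called ErpDb, the commerce database CommerceDb, and the logins web_app and erp_app. It also assumes the website touches only the commerce database; if the product's integration needs cross-database reads, grant those specific permissions rather than widening the website's role. ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later (older versions use sp_addrolemember).

```sql
-- Added example (not from the original post): separate least-privilege logins
-- for the commerce website and the ERP desktop application on one SQL Server.
-- Assumed (hypothetical) names: databases [ErpDb] and [CommerceDb],
-- logins [web_app] and [erp_app]. Run as a sysadmin.
USE master;
GO
-- One login per application, so a compromised website cannot reuse the
-- ERP application's credentials. Replace the placeholder passwords.
CREATE LOGIN web_app WITH PASSWORD = 'ReplaceWithAStrongPassphrase!1', CHECK_POLICY = ON;
CREATE LOGIN erp_app WITH PASSWORD = 'ReplaceWithAStrongPassphrase!2', CHECK_POLICY = ON;
GO

-- The website gets read/write data access only in its own database.
USE CommerceDb;
GO
CREATE USER web_app FOR LOGIN web_app;
ALTER ROLE db_datareader ADD MEMBER web_app;
ALTER ROLE db_datawriter ADD MEMBER web_app;
-- Assumption: the ERP application also reads/writes order data here.
CREATE USER erp_app FOR LOGIN erp_app;
ALTER ROLE db_datareader ADD MEMBER erp_app;
ALTER ROLE db_datawriter ADD MEMBER erp_app;
GO

-- The ERP database has no user for the website login at all, so an
-- injection flaw in the site cannot reach company data. The guest user is
-- disabled in user databases by default; revoke it explicitly so that stays true.
USE ErpDb;
GO
CREATE USER erp_app FOR LOGIN erp_app;
ALTER ROLE db_datareader ADD MEMBER erp_app;
ALTER ROLE db_datawriter ADD MEMBER erp_app;
REVOKE CONNECT FROM guest;
GO

-- Check (run inside each database): which users exist and which roles they
-- hold. web_app should be listed in CommerceDb only, and neither login
-- should appear as a member of db_owner.
SELECT DB_NAME() AS database_name,
       dp.name    AS db_user,
       r.name     AS role_name
FROM sys.database_principals dp
LEFT JOIN sys.database_role_members rm ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals r    ON r.principal_id = rm.role_principal_id
WHERE dp.type IN ('S', 'U')            -- SQL logins and Windows users
  AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys');
GO
```

The split does not make the database server safe to expose on the internet; it limits what a flaw in one application can reach once an attacker is already talking to it. The connection string of each application then carries only its own login, and the server's listener can still be restricted to the LAN or a VPN independently of this.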

