Hello all,
This may seem sort of off topic and I apologize if it is, but it does involve a Cold Fusion server and I think you guys/gals would likely know the answer. Here goes: We are attempting to secure our network which was admittedly *not secure* before. So, we have purchased a 3COM Superstack 3 firewall which is up and running and seems to be working great. I am wondering what the recommended topology should be for the Web Server (which is Windows 2000 Server, running IIS and Coldfusion 4.5) and the SQL Server (diff machine, Windows 2000 Server, SQL 2000). It seems to me that the web server should be in the DMZ (in front of the firewall) but I have the following questions. 1) Should the SQL Server be behind the firewall? The answer seems to me to be yes - if so, what port do I have to open to allow communication between the Web/CF Server and the SQL Server so that they can still talk to each other. Our intranet (LAN users) and website (WAN) users need to access the same database. These other questions are more off topic but help would still be *very much * appreciated 2) For servers in the DMZ, is there any rational reason for them to be in the domain? Wouldn't it be more secure to keep those machines as standalone (non-domain) machines so that if they are compromised, all domain machines are still behind the firewall? The only benefit I can see to keeping them in the domain is group policy. Misc... even more OT: 3) For those running DNS servers in house, is it customary for you to actually have a dedicated DNS machine? Or do you, as we currently do, use a server for dual purpose (maybe it would be an FTP Server and a DNS Server). Also, are there any "plug and play" DNS "network appliances" available that wouldn't require a $1000+ license of Windows 2000 server? Thanks very much for any wisdom you can offer to a Cold Fusion Administrator/Network Security newbie. Dustin Snell Unisyn Software, LLC ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists