Will the DB server not be better on a separate LAN to help with performance?
I don't want anyone on the LAN blocking calls to the DB server from the web
server?

-----Original Message-----
From: Van den Bossche Eric [mailto:E.VDB@;sherwineu.com]
Sent: Thursday, October 31, 2002 15:02
To: ActiveServerPages
Subject: RE: Network Design


Internet Router
|
|
|
Firewall ------DMZ-----Web Server
|
|
|
Internal LAN-----all your servers (incl DB server)

This is the setup we had and it works perfectly. There is no need to have a
link between web and db server. This can be done with the firewall config;
it is more secure.

Greetings Eric
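
An added example (not part of anyone's message in this thread): a small reachability check that models the multi-homed layout discussed in the thread and the DMZ layout drawn above, and lists every path from the Internet to the internal LAN or DB server that never crosses the firewall. The node names and link lists are constructed from the posters' descriptions, and `bypass_paths` is a hypothetical helper.

```python
from collections import defaultdict

def build(links):
    """Turn a list of (a, b) cable/NIC links into an undirected adjacency map."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def bypass_paths(links, src, dst, chokepoint):
    """Return every simple path src -> dst that never crosses `chokepoint`.

    Each path is a chain of hosts that traffic could follow without the
    firewall ever seeing it, so firewall rules cannot constrain it.
    """
    adj = build(links)
    found, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            found.append(path)
            continue
        for nxt in sorted(adj[node]):
            if nxt != chokepoint and nxt not in path:
                stack.append((nxt, path + [nxt]))
    return sorted(found)

# Constructed model of the multi-homed layout described in the thread:
# web server with three NICs (Internet, DB LAN, internal LAN), proxy beside it.
MULTI_HOMED = [
    ("internet", "web"), ("internet", "proxy"),
    ("web", "db"), ("web", "lan"), ("proxy", "lan"),
]

# Constructed model of the DMZ layout: the firewall is the only device
# joining Internet, DMZ and internal LAN; the DB server sits on the LAN.
DMZ = [
    ("internet", "firewall"), ("firewall", "web"),
    ("firewall", "lan"), ("lan", "db"),
]

if __name__ == "__main__":
    for name, links, fw in (("multi-homed", MULTI_HOMED, "proxy"),
                            ("dmz", DMZ, "firewall")):
        for target in ("lan", "db"):
            paths = bypass_paths(links, "internet", target, fw)
            print(name, target, paths or "no path around the firewall")
```

An empty result means every flow toward that target has to pass the firewall, which is the precondition for the port rules on the firewall to mean anything.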

-----Original Message-----
From: Chance Ellis [mailto:chance_ellis@;yahoo.com]
Sent: Thursday, 31 October, 2002 15:52
To: ActiveServerPages
Cc: [EMAIL PROTECTED]
Subject: RE: Network Design


In your design, if someone compromised your web server
they would have access to your internal network
through the database server. Since these servers are
not firewalls, they will be advertising well known
ports to exploit. This design makes your Firewall
totally useless.

This is how your network should look:

Internet Router
|
Hub
|
Proxy/Firewall ------DMZ-----Web Server
|                                |
|                               HUB
|                                |
|                             DB Server
|                                |
Hub-----------IDS Sensor----------
|
|
Internal LAN


At the Firewall, you only allow traffic to tcp ports
80(http) and 443(https) to the web server in the DMZ.
You don't allow any originating traffic from the
Internet to your LAN. You allow all traffic from your
LAN to the Internet, if this is your policy. Your web
server should never have a direct connection to the
Internet...

HTH



--- Daniel Field <[EMAIL PROTECTED]> wrote:
> This is what I have:
>
>
> Internet Router
> |
> Hub-------------------Proxy/Firewall
> |                          |
> Web Server--------         |
> |           |              |
> Hub         |              |
> |           |              |
> DB Server   |              |
> |           |              |
> |           |              |
> Internal Hub----------------
> |
> |
> Internal Network
>
> So the Web server and the proxy machine are the only
> machines with direct
> Internet connections.
>
>
>
>
> -----Original Message-----
> From: Tore Bostrup [mailto:tbostrup@;telocity.com]
> Sent: Wednesday, October 30, 2002 23:22
> To: ActiveServerPages
> Subject: Re: Network Design
>
>
> I'm wondering where he'll put it in order to secure
> the network.  I'm not an
> expert in configuring DMZ's etc., but this
> configuration sounds like it
> contains a number of back doors.
>
> (Copy the below and paste into Notepad with a
> proportional font such as
> Courier New):
>
> Internet
> |
> +---Web Server---------+
> |    |                 |
> |    +---DB Server---LAN
> |                      |
> +---Proxy (Firewall?)--+
>
> Regards,
> Tore.
>
> ----- Original Message -----
> From: "Van den Bossche Eric" <[EMAIL PROTECTED]>
> To: "ActiveServerPages"
> <[EMAIL PROTECTED]>
> Sent: Wednesday, October 30, 2002 12:05 PM
> Subject: RE: Network Design
>
>
> > I guess it is time to put a decent firewall in place !!!!!!
> >
> >
> > Eric - IT Manager
> >
> > -----Original Message-----
> > From: Daniel Field [mailto:daniel@;worldof.net]
> > Sent: Wednesday, 30 October, 2002 17:25
> > To: ActiveServerPages
> > Subject: RE: Network Design
> >
> >
> > It's through a secured second network card for the internal network.
> >
> > At the moment the DB server is only connected to the web server via a
> > secured LAN (the web server has 3 NICs and sits on 3 networks... live
> > internet, secured DB, and internal LAN).
> >
> > Was just thinking I could merge the secured DB LAN with the secured internal
> > LAN.  Think I will leave it as is!
> >
> > -----Original Message-----
> > From: Tore Bostrup [mailto:tbostrup@;telocity.com]
> > Sent: Wednesday, October 30, 2002 16:20
> > To: ActiveServerPages
> > Subject: Re: Network Design
> >
> >
> > You are brave(?) to allow access to your internal production DB as well as
> > your entire local area network through the web server...
> >
> > Besides that, of course all those using the same DB server will compete for
> > the same resources (the database, CPU, memory, disk, etc.) on the server.
> >
> > HTH,
> > Tore.
> >
> > ----- Original Message -----
> > From: "Daniel Field" <[EMAIL PROTECTED]>
> > To: "ActiveServerPages" <[EMAIL PROTECTED]>
> > Sent: Wednesday, October 30, 2002 8:48 AM
> > Subject: OT: Network Design
> >
> >
> > > If I have the following:
> > >
> > > Live Internet Network:
> > >
> > > Web Server (Also connected to Internal LAN via second network card for DB
> > > Access)
> > > Proxy Server (Connected to Internal LAN)
> > >
> > > Internal LAN:
> > > DBServer
> > > My Desktop Machines
> > >
> > > Will my desktop machines cause problems for the web server connecting to the
> > > DB server? I.e. will it slow the connection down?
> > >
> > > Dan