Put the Web server in your DMZ and only allow what you absolutely need in (http?, https?).  Then allow the web server access back into the internal server but only to the database server and the required port(s).  You will still want to regularly back up the database in case someone figured out a way into it.  It is never a very good idea to allow a DMZ machine access to your private network but it is safer than putting the database server in the DMZ with the Web server.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wes Motter
Sent: Wednesday, December 23, 1998 7:59 AM
To: [EMAIL PROTECTED]
Subject: web server with backup end database

We have a Web Server (NT 4.0, IIS) that has a connection to a separate machine (NT 4.0) which hosts a database containing information entered by our customers through our Web Server.  We cannot afford to have the database corrupted.  I believe this is a pretty standard kind of setup.
 
My problem is that I don't know the best way to set up my security topology.  If I have a firewall between the Web Server and the DB machine, I have a dedicated port for the database connection on the firewall which can be exploited. (right?) If I put the database outside of the firewall, then our data is exposed (very bad).  Since this seems to be a fairly standard configuration, I would think the 'best' security solution has been done by now (a lot of assumptions on my part). I have been unsuccessful in finding what I need so any help would be appreciated (books, opinions, etc).
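
Added example, not part of either e-mail: a small audit that models the DMZ layout from the reply as a first-match rule list and probes it, next to a weaker variant that lets the whole DMZ reach the internal network. All addresses, the database port (1433) and the probe ports are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing and ports: assumptions for illustration only.
NET = "203.0.113.5"       # arbitrary Internet client
WEB = "192.0.2.10"        # web server in the DMZ
DMZ_OTHER = "192.0.2.11"  # another DMZ host
DB = "10.0.0.20"          # database server on the internal network
INT_OTHER = "10.0.0.30"   # another internal host
DB_PORT = 1433            # assumed database listener port
ANY = "0.0.0.0/0"

# First-match rules: (action, source net, destination net, port or None for any)
STRICT = [
    ("allow", ANY, WEB + "/32", 80),
    ("allow", ANY, WEB + "/32", 443),
    ("allow", WEB + "/32", DB + "/32", DB_PORT),
    ("deny", ANY, ANY, None),
]
# Weak variant: the whole DMZ may reach the whole internal network on any port.
WEAK = STRICT[:2] + [("allow", "192.0.2.0/24", "10.0.0.0/24", None)] + STRICT[3:]

# Probe flows and the verdict the described topology requires.
PROBES = [
    (NET, WEB, 80, "allow"),
    (NET, WEB, 443, "allow"),
    (NET, WEB, 139, "deny"),            # nothing else reaches the web server
    (NET, DB, DB_PORT, "deny"),         # Internet never reaches the database
    (WEB, DB, DB_PORT, "allow"),        # the one permitted path inward
    (WEB, DB, 139, "deny"),             # web server: database port only
    (WEB, INT_OTHER, DB_PORT, "deny"),  # web server: database host only
    (DMZ_OTHER, DB, DB_PORT, "deny"),   # other DMZ hosts get nothing
]

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; default deny."""
    for action, s, d, p in rules:
        if (ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
                and p in (None, port)):
            return action
    return "deny"

def audit(rules):
    """List probe flows whose verdict differs from what the topology requires."""
    return [(src, dst, port, got) for src, dst, port, want in PROBES
            if (got := decide(rules, src, dst, port)) != want]

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("weak", WEAK)):
        print(name, audit(rules))
```
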
