Really depends on what problem you are trying to solve. Generally... Pro's: -Probably easier to connect your app to it. - If system is compromised, only other systems that may be at risk are the ones accessible from the compromised system. - Ovoid overhead of managing complex firewall configuration (could be a minor pro)
Con's: - More difficult to manage. Since DMZ's may not have a domain every system's policies and authorization may have to be managed add-hoc or through CM. - Security which can be eased if you throw it behind an app-aware firewall (probably some other fancy term for it) where you can allow very specific traffic over a port. That can increase complexity. - Obviously don't put sensitive data on it. If the system is compromised or a flaw is exploited attackers could get access to the SQL data. Just my 0.000002 cents. Sent from my Windows Phone ________________________________ From: Brian McDonald<mailto:[email protected]> Sent: 8/20/2014 12:43 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] SQL behind a DMZ Can anyone tell me of any valid reason why you would install SQL in a DMZ? If ever? What are the pros/cons? Thanks, Brian
