> I agree that we should go with 2 boxes.
> What I'm looking for is concrete reasons to give for the 2
> box recommendation vs all on one box.

If they are truly worried about security my suggestion would be to place a
webserver within a DMZ on the firewall, only allowing those ports required
through to it.  Then put a database machine within the protection of the
firewall and punch a port through to allow only the web server in the DMZ to
talk to only the database server within the firewall.

This would provide two things - the webserver, though open to some of the
outside world traffic, would be relatively secured against NetBIOS attacks
and the like.  If it is compromised then the only thing lost would be that
machine.  Your database server (which is by far the more important of
the two when it comes to protecting; you've got web apps in 5 places but
that data's only in one) would be within the firewall and secured from the
outside.

Hope this makes sense, that's the way I've seen it done on several
occasions.

Hatton
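
The layout described in the message above, modelled as a default-deny rule set and checked (an added example, not part of the original message). The addresses, the HTTP/HTTPS ports and the database port 1433 are constructed assumptions, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses and ports (assumptions, not from the original message).
WEB = "192.0.2.10"            # web server in the DMZ
DB = "10.0.0.20"              # database server behind the firewall
INTERNAL = "10.0.0.0/8"       # protected internal network
DB_PORT = 1433                # assumed database listener port
ANY = "0.0.0.0/0"

# (source net, destination net, destination port); a matching rule allows.
RULES = [
    (ANY, f"{WEB}/32", 80),              # public HTTP to the web server
    (ANY, f"{WEB}/32", 443),             # public HTTPS to the web server
    (f"{WEB}/32", f"{DB}/32", DB_PORT),  # the single hole: web server -> database
]


def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for one new connection attempt."""
    for src_net, dst_net, rule_port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port == rule_port):
            return "allow"
    return "deny"  # default: anything not explicitly allowed is dropped


def reachable_from(src, hosts, ports, rules=RULES):
    """List the (host, port) pairs that src may open connections to."""
    return [(h, p) for h in hosts for p in ports
            if decide(src, h, p, rules) == "allow"]


def audit(rules=RULES):
    """Return rules that open the internal network beyond web -> db on DB_PORT."""
    expected = (ip_network(f"{WEB}/32"), ip_network(f"{DB}/32"), DB_PORT)
    return [r for r in rules
            if ip_network(r[1]).overlaps(ip_network(INTERNAL))
            and (ip_network(r[0]), ip_network(r[1]), r[2]) != expected]


if __name__ == "__main__":
    outsider = "198.51.100.7"  # constructed Internet client
    print(decide(outsider, WEB, 443), decide(outsider, DB, DB_PORT))
    print(reachable_from(WEB, [DB, "10.0.0.30"], [139, 445, DB_PORT]))
    print(audit(RULES + [(ANY, INTERNAL, DB_PORT)]))
```

`reachable_from` run from the web server's address shows what the inner firewall still exposes if that machine is taken over: the database listener and nothing else on the internal network.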
