We have a Web Server (NT 4.0, IIS) that has a connection to a
separate machine (NT 4.0) which hosts a database containing information entered
by our customers through our Web Server. We cannot afford to have the
database corrupted. I believe this is a pretty standard kind of
setup.
My problem is that I don't know the best way to set up my
security topology. If I have a firewall between the Web Server and the DB
machine, I have a dedicated port for the database connection on the firewall
which can be exploited. (right?) If I put the database outside of the firewall,
then our data is exposed (very bad). Since this seems to be a fairly
standard configuration, I would think the 'best' security solution has been done
by now (a lot of assumptions on my part). I have been unsuccessful in finding
what I need, so any help would be appreciated (books, opinions,
etc.).
