My recommendation is to put the Web Server on a third interface of the
firewall (DMZ or whatever you call it). Keep the db machine inside
your internal LAN, with only the necessary ports open on the firewall
between the web server and db machine.
Further, you should make the web server as secure as possible, and if
possible, implement SSL etc.
Paul V. Alukal
Consultant ( http://www.securedigit.com )
Bristol-Myers Squibb Company
Princeton
On Thu, 13 May 1999, Greg Bastian wrote:
> Hi,
>
> I have a general question about the accessing of a web server.
>
> Do I place the web server (NT IIS) on a DMZ, behind a packet filtering
> router, configured as a bastion host ?
> or do I place it behind the firewall (TIS FWTK) bastion host, and forward
> requests to the web server on my LAN ?
>
> I have a web server that accesses a database, however I would like to place
> this db on a machine on my internal LAN, and have the web server access it,
> however I don't know the best placement of the web server.
>
> I am a little confused about this issue, as I have read that the outside
> firewall interface should be the only thing visible on the internet.
>
> I have read the fw faq, and this did little to help me answer the question.
>
> If it makes any further difference, our internal lan is masqueraded behind a
> Linux router, so none of our LAN machines appear as more than the router.
>
> Help appreciated,
>
> Greg.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
