At 11:03 AM 9/2/99 -0400, Morse, Michael H. wrote:
>I believe that the conventional wisdom that web servers should be in the DMZ
>is primarily based on the assumption that web servers, because they contain
>only public information, have little value...
>
>That assumption no longer holds (if it ever did). Web servers are
>critically important to many organizations. So, my position is that Web
>servers should always be placed behind *some* firewall.
That may be "practice" but is it not conventional wisdom *(which is a hard
enough thing to pin down, nowadays, especially on the Internet).
Of course, I agree with the second paragraph.
What I like is:
- a firewall between 2 packet filtering routers
- a HARDENED web server behind the first (Internet side) filtering
router.
Fred
Avolio Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
