Alternatively, you can put the inside webserver on a trusted OS and
use the networking components to prevent the webserver from attacking
other hosts on the internal network should the web server software
or other host software be compromised.
---------------------------------------------------------
Paul McNabb, CISSP Argus Systems Group, Inc.
Vice President and CTO 1809 Woodfield Drive
[EMAIL PROTECTED] Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433 "Securing the Future"
---------------------------------------------------------
> From [EMAIL PROTECTED] Thu Sep 2 15:58:25 1999
> From: "Fogel, Avi" <[EMAIL PROTECTED]>
> To: Roy <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: RE: Pros/Cons of WWW Server in LAN vs DMZ?
> Date: Thu, 2 Sep 1999 13:05:07 -0400
>
> Alternatively you could place the www servers outside the firewall with an
> embedded firewall right on the www servers. Depending on the number of www
> servers you may actually see improved preformance and lower latency for a
> large number of web servers
>
> Avi Fogel
> Network-1 Security Solutions, Inc.
> "Securing e-Business Networks"
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 02, 1999 8:29 AM
> To: Roy
> Cc: [EMAIL PROTECTED]
> Subject: Re: Pros/Cons of WWW Server in LAN vs DMZ?
>
>
>
>
> Hi Roy,
>
> By opening your firewall to the web server located on your LAN you've
> already
> lost the battle. When your web server is compromised the attacker will
> already
> be inside your trusted network. By placing your web server in your DMZ your
> able to reduce the risk of compromise to your trusted network. Of course
> your
> DMZ architecture is key, being able to deny all direct inbound traffic from
> the
> web server to the trsuted net will be necessary for the above statement to
> be
> true.
>
> So in a nutshell you would be looking at something like this for it to be
> effective:
>
> <Screening router> ---------<WWW DMZ> -------- <FW Blocking all inbound
> connectivity> ------- <Choke Router> ----------------- <Trusted Net>
> (Not completely
> necessary)
> Hope this helps, (If FW is
> application based)
>
> --Neil
>
>
>
>
> "Roy" <[EMAIL PROTECTED]> on 09/01/99 12:13:07 PM
>
> Please respond to "Roy" <[EMAIL PROTECTED]>
>
>
>
> To: [EMAIL PROTECTED]
>
> cc: (bcc: Neil Buckley/Lycos)
>
>
>
> Subject: Pros/Cons of WWW Server in LAN vs DMZ?
>
>
>
>
>
>
>
> We have the option of placing a www app server outside our firewall, in the
> DMZ or behind the firewall in our LAN by opening port 80 to the www app
> server's IP address.
>
> What are the pros and cons of placing it in the DMZ vs in the LAN?
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
