At 08:54 23/05/00 +0100, Andrew Lawrence wrote:
>One firewall vendor has
>already told me that having a firewall would not protect the web server as
>you want people to visit it !
A firewall is designed to control access security - so is a good idea, and
provides good logging too. And can control and secure how your own staff
will update content and remotely manage the web site - often overlooked by
those saying that a router is as good as a firewall for securing a web
server 'because you just block all execept port 80'.
>What we don't want to happen is hackers to compromise the data on the Sql
>server. How secure will it be
There's lot of good advice out there about securing IIS.
But, whatever you do - get the final system TESTED - use a third party
penetration testing house. And tested often - quarterly at a minimum -
threats change fast on the Internet.
Even better - assuming the web server is already live on the net from your
premises - get the system tested now as it is - and again after you've
moved it.
Check out www.NTA-Monitor.com to see the list of major European clients who
use our own testing services.
Deri Jones
NTA Monitor
+44 1634 721855
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
