Web server on DMZ. Oracle normally goes inside but put it on separate leg of DMZ if possible.
> the firewall. Behind the firewall, the firewall software > would recognize and > stop that kind of activity. common misperception is that firewalls magically protect us from all attacks including anthrax and pipe bombers making smiley faces. firewalls only direct traffic. they can't detect most attacks like code red. if web server was inside, code red would toast it. dreez > -----Original Message----- > From: Fei Yang [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 10, 2002 12:42 PM > To: Mike Le Master; [EMAIL PROTECTED] > Subject: RE: Web Server Placement > > > Where's your Oracle server? Can you put both of them into > your inside network? Your consultant is very correct > regarding how firewall can protect inside hosts. > > Fei. > > -----Original Message----- > From: Mike Le Master [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 06, 2002 11:15 AM > To: '[EMAIL PROTECTED]' > Subject: Web Server Placement > > > We are a small shop getting serious about installing our > first web server. > The server would be used by six clients totaling about 20 > users to access an > Oracle app on a server. We have a PIX 515 with all ports > closed except for > the internet and Citrix. > The outside consultant recommends that the web server be > placed inside the > firewall. Their logic is... > If the web server is outside the firewall, it is more > vunerable to attack as > it can be flooded or otherwise brought down since it won't be > protected by > the firewall. Behind the firewall, the firewall software > would recognize and > stop that kind of activity. The firewall would also protect > the rest of the > network because all other IP addresses that are inside the > firewall would be > made invisible by the firewall. > Outside the firewall, we could connect to the Oracle server > but that would > require the oracle server be given a public IP address so the > web server > could see it. > I think that it should be outside the firewall. > > I welcome any suggestions and the reasoning behind the > suggestions as to > proper placement of the web server. > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, > etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, > etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
