Well It truly depends on what company wants to be in DMZ , things like Firewalls , databases, high availability servers, etc
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 13, 2008 7:56 AM To: NT System Admin Issues Subject: DMZ care and feeding OK, we've developed a philosopical situation here regarding a DMZ server: The server hosts a public web site and database. I was told that it needed to be backed up because development was being done in it. My first consideration was a backup mechanism. It wasn't until several minutes later than I did my Donald Duck squawk questioning the wisdom of doing active development on a DMZ machine. Backing up is a bit of an issue (buy a drive, or start collecting CDs from its writable drive), but to me the bigger issue is, should we be backing this up? It seems to me that the DMZ is considered to be "hackable yet isolated". Therefore, it might be best to consider that at any time (from moment #1) that it may have already been compromised. In other words, if we find that in fact it has been cracked, would we even be able to trust that which has been backed up? That we'd never be sure that we had a backup that had never been compromised in any way so it could be restored? It seems to me that, by there nature, materials on DMZ machines should be developed elsewhere, and the finished products should then be published to the DMZ machine. Personally, I'm not worried about being "right or wrong" here but rather wanting to follow "best practices". SO,is it consistant with best practices to go ahead and do development on the DMZ system, back up source code, etc, and presume that when the system has to be re-built we can restore an uncompromized machine? Or, should I be stubborn and insist that development be done elsewhere and then published to the DMZ machine? Thanks - I have a number of folks here wanting answers... -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~