RE: CF and DMZs

2005-04-12 Thread James Holmes
Having an intranet webserver behind your firewall and the public one in the
DMZ isn't such a bad idea.

It is also possible to run CF in distributed mode, so that it is on a
separate machine to that of the webserver, so the CF machines can all be
behind the firewall (instead of having one in the DMZ with the webserver).

-Original Message-
From: Coleman, Brian [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 12 April 2005 3:50 
To: CF-Talk
Subject: RE: CF and DMZs

Yeah, I meant demilitarized zone (DMZ) in this reference...I didn't even
know there was another meaning to it!

I'm beginning to wonder if having a webserver on the inside is just overkill
in our situation. Sensitive data is housed in a SQL server that would not be
in the DMZ, though there might be some PDFs or other types of documents they
would want protected.

~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202380
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


RE: CF and DMZs

2005-04-12 Thread Connie DeCinko
One scenario is to have that internal box for all of your authoring and
prestaging.  No one ever touches code on the box in the DMZ.  You have a
scheduled task that copies changes to it for you.  It only accepts changes
from the other box.
 

-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 11, 2005 11:21 PM
To: CF-Talk
Subject: RE: CF and DMZs

Having an intranet webserver behind your firewall and the public one in the
DMZ isn't such a bad idea.

It is also possible to run CF in distributed mode, so that it is on a
separate machine to that of the webserver, so the CF machines can all be
behind the firewall (instead of having one in the DMZ with the webserver).





~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202435
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


CF and DMZs

2005-04-11 Thread Coleman, Brian
The powers that be are talking about setting up a DMZ this summer and
want to have a webserver in the DMZ and another webserver on the
internal network.
I won't be setting up the DMZ or anything, but I do the Cold Fusion
pages and web server maintenance. I'm googling around today for
information about web servers in a DMZ environment, but if anyone has
any information, I'd appreciate it.
 
We're going to be using win2k and IIS5.0 on both web servers, with CF MX
6.1
They've mentioned that the reason for a putting the webserver in the DMZ
is so that if anyone hacks it, it can be blown away and recreated
using the internal webserver. This sounds like something you'd use a
backup for, rather then another server, but maybe if the internal server
was replicating files and any changes on the external server would get
blown away? I would also assume that only the DMZ server would need CF
server installed on it and a license for CF, although I'm still looking
into this, too.
 
Thanks,
Brian


~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202237
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


Re: CF and DMZs

2005-04-11 Thread S . Isaac Dealey
I've been seeing peolpe using this term lately, which is strange,
because it seemed to happen rather suddenly, like AJAX... I had to
search acronymfinder.com to find out it means Data Management Zone
 seems to me like a poor choice of acronyms, as my only frame of
reference prior to this point was Demilitarized Zone -- which is the
first hit and bold on acronymfinder.


 The powers that be are talking about setting up a DMZ this
 summer and
 want to have a webserver in the DMZ and another webserver
 on the
 internal network.
 I won't be setting up the DMZ or anything, but I do the
 Cold Fusion
 pages and web server maintenance. I'm googling around
 today for
 information about web servers in a DMZ environment, but if
 anyone has
 any information, I'd appreciate it.

 We're going to be using win2k and IIS5.0 on both web
 servers, with CF MX
 6.1
 They've mentioned that the reason for a putting the
 webserver in the DMZ
 is so that if anyone hacks it, it can be blown away and
 recreated
 using the internal webserver. This sounds like something
 you'd use a
 backup for, rather then another server, but maybe if the
 internal server
 was replicating files and any changes on the external
 server would get
 blown away? I would also assume that only the DMZ server
 would need CF
 server installed on it and a license for CF, although I'm
 still looking
 into this, too.

 Thanks,
 Brian


s. isaac dealey   954.522.6080
new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework

http://macromedia.breezecentral.com/p49777853/
http://www.sys-con.com/author/?id=4806
http://www.fusiontap.com



~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202255
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


Re: CF and DMZs

2005-04-11 Thread Adrocknaphobia
I think we are talking about DMZ in the terms of Demilitarized Zone.
Which does comes from the military term popularized in Korea. A true
DMZ means that your webservers are on a seperate part of the network
where all port traffic is allowed. Or in most cases, it means a less
secure part of the network where internet traffic is allowed.
Hopefully you would still have a firewall between the internet and the
DMZ to only allow certain port traffic (like 80). So any server that
_is not_ in the DMZ is inaccesible from the internet.

CF has really nothing to do with the DMZ at all. A very common setup
is to put your webservers in the 'DMZ' and your database servers on a
more secure network outside of the DMZ. Your DMZ firewall should only
allow port 80 traffic from the internet. Meaning your databases server
cannot be accessed directly from the internet.

However if you now have two seperate CF servers, MM would appericate
it if you bought the additional license. It doesn't matter if the
server is available online or not.

wikipedia definition:
In terms of computer security a demilitarized zone (DMZ) is a network
area that sits between an organisation's internal network and an
external network, usually the Internet. The DMZ allows contained hosts
to provide services to the external network, while protecting the
internal network from possible intrusions into those hosts. In
layman's terms a DMZ is like a one way street.

-Adam

On Apr 11, 2005 3:29 PM, S. Isaac Dealey [EMAIL PROTECTED] wrote:
 I've been seeing peolpe using this term lately, which is strange,
 because it seemed to happen rather suddenly, like AJAX... I had to
 search acronymfinder.com to find out it means Data Management Zone
  seems to me like a poor choice of acronyms, as my only frame of
 reference prior to this point was Demilitarized Zone -- which is the
 first hit and bold on acronymfinder.
 
 
  The powers that be are talking about setting up a DMZ this
  summer and
  want to have a webserver in the DMZ and another webserver
  on the
  internal network.
  I won't be setting up the DMZ or anything, but I do the
  Cold Fusion
  pages and web server maintenance. I'm googling around
  today for
  information about web servers in a DMZ environment, but if
  anyone has
  any information, I'd appreciate it.
 
  We're going to be using win2k and IIS5.0 on both web
  servers, with CF MX
  6.1
  They've mentioned that the reason for a putting the
  webserver in the DMZ
  is so that if anyone hacks it, it can be blown away and
  recreated
  using the internal webserver. This sounds like something
  you'd use a
  backup for, rather then another server, but maybe if the
  internal server
  was replicating files and any changes on the external
  server would get
  blown away? I would also assume that only the DMZ server
  would need CF
  server installed on it and a license for CF, although I'm
  still looking
  into this, too.
 
  Thanks,
  Brian
 
 s. isaac dealey   954.522.6080
 new epoch : isn't it time for a change?
 
 add features without fixtures with
 the onTap open source framework
 
 http://macromedia.breezecentral.com/p49777853/
 http://www.sys-con.com/author/?id=4806
 http://www.fusiontap.com
 
 
 

~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202259
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


RE: CF and DMZs

2005-04-11 Thread Coleman, Brian
Yeah, I meant demilitarized zone (DMZ) in this reference...I didn't even
know there was another meaning to it!

I'm beginning to wonder if having a webserver on the inside is just
overkill in our situation. Sensitive data is housed in a SQL server that
would not be in the DMZ, though there might be some PDFs or other types
of documents they would want protected.



-Original Message-
From: Adrocknaphobia [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 11, 2005 2:41 PM
To: CF-Talk
Subject: Re: CF and DMZs

I think we are talking about DMZ in the terms of Demilitarized Zone.
Which does comes from the military term popularized in Korea. A true
DMZ means that your webservers are on a seperate part of the network
where all port traffic is allowed. Or in most cases, it means a less
secure part of the network where internet traffic is allowed.
Hopefully you would still have a firewall between the internet and the
DMZ to only allow certain port traffic (like 80). So any server that
_is not_ in the DMZ is inaccesible from the internet.

CF has really nothing to do with the DMZ at all. A very common setup
is to put your webservers in the 'DMZ' and your database servers on a
more secure network outside of the DMZ. Your DMZ firewall should only
allow port 80 traffic from the internet. Meaning your databases server
cannot be accessed directly from the internet.

However if you now have two seperate CF servers, MM would appericate
it if you bought the additional license. It doesn't matter if the
server is available online or not.

wikipedia definition:
In terms of computer security a demilitarized zone (DMZ) is a network
area that sits between an organisation's internal network and an
external network, usually the Internet. The DMZ allows contained hosts
to provide services to the external network, while protecting the
internal network from possible intrusions into those hosts. In
layman's terms a DMZ is like a one way street.

-Adam

~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202265
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


Re: CF and DMZs

2005-04-11 Thread S . Isaac Dealey
Thanks for the clarification Adam, that's appreciated. :)

s. isaac dealey   954.522.6080
new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework

http://macromedia.breezecentral.com/p49777853/
http://www.sys-con.com/author/?id=4806
http://www.fusiontap.com



~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202275
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


Re: CF and DMZs

2005-04-11 Thread Adrocknaphobia
np. working for the gov, it is one of a billion acronyms I'm required
to use daily. :)

-Adam

On Apr 11, 2005 4:15 PM, S. Isaac Dealey [EMAIL PROTECTED] wrote:
 Thanks for the clarification Adam, that's appreciated. :)
 
 s. isaac dealey   954.522.6080
 new epoch : isn't it time for a change?
 
 add features without fixtures with
 the onTap open source framework
 
 http://macromedia.breezecentral.com/p49777853/
 http://www.sys-con.com/author/?id=4806
 http://www.fusiontap.com
 
 

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202289
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54