RE: CF and DMZs
Having an intranet webserver behind your firewall and the public one in the DMZ isn't such a bad idea. It is also possible to run CF in distributed mode, so that it is on a separate machine to that of the webserver, so the CF machines can all be behind the firewall (instead of having one in the DMZ with the webserver). -Original Message- From: Coleman, Brian [mailto:[EMAIL PROTECTED] Sent: Tuesday, 12 April 2005 3:50 To: CF-Talk Subject: RE: CF and DMZs Yeah, I meant demilitarized zone (DMZ) in this reference...I didn't even know there was another meaning to it! I'm beginning to wonder if having a webserver on the inside is just overkill in our situation. Sensitive data is housed in a SQL server that would not be in the DMZ, though there might be some PDFs or other types of documents they would want protected. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202380 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CF and DMZs
One scenario is to have that internal box for all of your authoring and prestaging. No one ever touches code on the box in the DMZ. You have a scheduled task that copies changes to it for you. It only accepts changes from the other box. -Original Message- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Monday, April 11, 2005 11:21 PM To: CF-Talk Subject: RE: CF and DMZs Having an intranet webserver behind your firewall and the public one in the DMZ isn't such a bad idea. It is also possible to run CF in distributed mode, so that it is on a separate machine to that of the webserver, so the CF machines can all be behind the firewall (instead of having one in the DMZ with the webserver). ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202435 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
CF and DMZs
The powers that be are talking about setting up a DMZ this summer and want to have a webserver in the DMZ and another webserver on the internal network. I won't be setting up the DMZ or anything, but I do the Cold Fusion pages and web server maintenance. I'm googling around today for information about web servers in a DMZ environment, but if anyone has any information, I'd appreciate it. We're going to be using win2k and IIS5.0 on both web servers, with CF MX 6.1 They've mentioned that the reason for a putting the webserver in the DMZ is so that if anyone hacks it, it can be blown away and recreated using the internal webserver. This sounds like something you'd use a backup for, rather then another server, but maybe if the internal server was replicating files and any changes on the external server would get blown away? I would also assume that only the DMZ server would need CF server installed on it and a license for CF, although I'm still looking into this, too. Thanks, Brian ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202237 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF and DMZs
I've been seeing peolpe using this term lately, which is strange, because it seemed to happen rather suddenly, like AJAX... I had to search acronymfinder.com to find out it means Data Management Zone seems to me like a poor choice of acronyms, as my only frame of reference prior to this point was Demilitarized Zone -- which is the first hit and bold on acronymfinder. The powers that be are talking about setting up a DMZ this summer and want to have a webserver in the DMZ and another webserver on the internal network. I won't be setting up the DMZ or anything, but I do the Cold Fusion pages and web server maintenance. I'm googling around today for information about web servers in a DMZ environment, but if anyone has any information, I'd appreciate it. We're going to be using win2k and IIS5.0 on both web servers, with CF MX 6.1 They've mentioned that the reason for a putting the webserver in the DMZ is so that if anyone hacks it, it can be blown away and recreated using the internal webserver. This sounds like something you'd use a backup for, rather then another server, but maybe if the internal server was replicating files and any changes on the external server would get blown away? I would also assume that only the DMZ server would need CF server installed on it and a license for CF, although I'm still looking into this, too. Thanks, Brian s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://macromedia.breezecentral.com/p49777853/ http://www.sys-con.com/author/?id=4806 http://www.fusiontap.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202255 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF and DMZs
I think we are talking about DMZ in the terms of Demilitarized Zone. Which does comes from the military term popularized in Korea. A true DMZ means that your webservers are on a seperate part of the network where all port traffic is allowed. Or in most cases, it means a less secure part of the network where internet traffic is allowed. Hopefully you would still have a firewall between the internet and the DMZ to only allow certain port traffic (like 80). So any server that _is not_ in the DMZ is inaccesible from the internet. CF has really nothing to do with the DMZ at all. A very common setup is to put your webservers in the 'DMZ' and your database servers on a more secure network outside of the DMZ. Your DMZ firewall should only allow port 80 traffic from the internet. Meaning your databases server cannot be accessed directly from the internet. However if you now have two seperate CF servers, MM would appericate it if you bought the additional license. It doesn't matter if the server is available online or not. wikipedia definition: In terms of computer security a demilitarized zone (DMZ) is a network area that sits between an organisation's internal network and an external network, usually the Internet. The DMZ allows contained hosts to provide services to the external network, while protecting the internal network from possible intrusions into those hosts. In layman's terms a DMZ is like a one way street. -Adam On Apr 11, 2005 3:29 PM, S. Isaac Dealey [EMAIL PROTECTED] wrote: I've been seeing peolpe using this term lately, which is strange, because it seemed to happen rather suddenly, like AJAX... I had to search acronymfinder.com to find out it means Data Management Zone seems to me like a poor choice of acronyms, as my only frame of reference prior to this point was Demilitarized Zone -- which is the first hit and bold on acronymfinder. The powers that be are talking about setting up a DMZ this summer and want to have a webserver in the DMZ and another webserver on the internal network. I won't be setting up the DMZ or anything, but I do the Cold Fusion pages and web server maintenance. I'm googling around today for information about web servers in a DMZ environment, but if anyone has any information, I'd appreciate it. We're going to be using win2k and IIS5.0 on both web servers, with CF MX 6.1 They've mentioned that the reason for a putting the webserver in the DMZ is so that if anyone hacks it, it can be blown away and recreated using the internal webserver. This sounds like something you'd use a backup for, rather then another server, but maybe if the internal server was replicating files and any changes on the external server would get blown away? I would also assume that only the DMZ server would need CF server installed on it and a license for CF, although I'm still looking into this, too. Thanks, Brian s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://macromedia.breezecentral.com/p49777853/ http://www.sys-con.com/author/?id=4806 http://www.fusiontap.com ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202259 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CF and DMZs
Yeah, I meant demilitarized zone (DMZ) in this reference...I didn't even know there was another meaning to it! I'm beginning to wonder if having a webserver on the inside is just overkill in our situation. Sensitive data is housed in a SQL server that would not be in the DMZ, though there might be some PDFs or other types of documents they would want protected. -Original Message- From: Adrocknaphobia [mailto:[EMAIL PROTECTED] Sent: Monday, April 11, 2005 2:41 PM To: CF-Talk Subject: Re: CF and DMZs I think we are talking about DMZ in the terms of Demilitarized Zone. Which does comes from the military term popularized in Korea. A true DMZ means that your webservers are on a seperate part of the network where all port traffic is allowed. Or in most cases, it means a less secure part of the network where internet traffic is allowed. Hopefully you would still have a firewall between the internet and the DMZ to only allow certain port traffic (like 80). So any server that _is not_ in the DMZ is inaccesible from the internet. CF has really nothing to do with the DMZ at all. A very common setup is to put your webservers in the 'DMZ' and your database servers on a more secure network outside of the DMZ. Your DMZ firewall should only allow port 80 traffic from the internet. Meaning your databases server cannot be accessed directly from the internet. However if you now have two seperate CF servers, MM would appericate it if you bought the additional license. It doesn't matter if the server is available online or not. wikipedia definition: In terms of computer security a demilitarized zone (DMZ) is a network area that sits between an organisation's internal network and an external network, usually the Internet. The DMZ allows contained hosts to provide services to the external network, while protecting the internal network from possible intrusions into those hosts. In layman's terms a DMZ is like a one way street. -Adam ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202265 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF and DMZs
Thanks for the clarification Adam, that's appreciated. :) s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://macromedia.breezecentral.com/p49777853/ http://www.sys-con.com/author/?id=4806 http://www.fusiontap.com ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202275 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF and DMZs
np. working for the gov, it is one of a billion acronyms I'm required to use daily. :) -Adam On Apr 11, 2005 4:15 PM, S. Isaac Dealey [EMAIL PROTECTED] wrote: Thanks for the clarification Adam, that's appreciated. :) s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://macromedia.breezecentral.com/p49777853/ http://www.sys-con.com/author/?id=4806 http://www.fusiontap.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202289 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54