|
Posted by Leythos on July 20, 2007, 9:44 am
If you were Registered and logged in, you could reply and use other advanced thread options
crussell18@gmail.com says...
> We are in the process of creating a DMZ for our web servers. Currently
> our web servers have sit on our internal network. Moving the web
> servers to a DMZ is the easy part, but what I am not sure about is how
> to secure our database. I do not want it to sit the database on the
> DMZ, but I also do not want to allow my DMZ to access the internal
> network to hit the database. Does any one have a suggestion that i can
> lookinto.
> We have a Cisco ASA5510 firewall and muliple Cisco 3560g switches. Any
> suggestions would be appreciated
A typical database/web layout has the database servers in the LAN with
the Web Servers in the DMZ. You open the port(s) needed for database
communications between the Web Servers and the Database servers through
the firewall DMZ>LAN, and only to those IP/Ports. You do not use Windows
Authentication in your database/web application, you would use SQL
Authentication.
If you network is based on Microsoft platforms you want to make sure
that your web servers are NOT part of your active directory structure
and that you only open the Database communication ports from the web
servers to them.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
| 
XML site map