Firewall Wizards mailing list archives
RE: Web server inside the firewall
From: "Shivdasani, Meenoo" <Meenoo_Shivdasani () NAI com>
Date: Wed, 2 Dec 1998 08:46:08 -0800
We are running a Gauntlet 4.1 firewall. We allow FTP and HTTP originating
from the >inside. We have also created a POP3 plug from inside to a local ISP. We don't allow >any traffic originating from the outside.
I have been getting pressure lately to have a web server moved from the DMZ
to >behind the firewall. The reasoning is this will make it easier to access databases >on our internal network.
The web server is IIS 4 on NT 4.0+SP3 with FrontPage extensions. The
firewall is in >its own subnet. What ports need to be opened to make this work?
From a technical standpoint, this can be done. From a security standpoint
it's a Bad Idea(tm) The whole point of having the web server on the DMZ is that if the web server's security is compromised, the internal network remains safe. And it's all too easy to compromise a web server. M
Current thread:
- Web server inside the firewall Kevin Tyrrell (Dec 01)
- Re: Web server inside the firewall Perry E. Metzger (Dec 02)
- Re: Web server inside the firewall Arian Hormozi (Dec 03)
- Re: Web server inside the firewall Steve George (Dec 02)
- Re: Web server inside the firewall Bennett Todd (Dec 03)
- <Possible follow-ups>
- Re: Web server inside the firewall Bob Acosta (Dec 02)
- RE: Web server inside the firewall Shivdasani, Meenoo (Dec 03)
- Re: Web server inside the firewall James Conley (Dec 03)
- RE: Web server inside the firewall Readwin, Neil (Dec 04)
- RE: Web server inside the firewall Safier, Adam (GEIS) (Dec 04)
- RE: Web server inside the firewall tyrrell (Dec 07)
- Re: Web server inside the firewall Bennett Todd (Dec 08)
- RE: Web server inside the firewall tyrrell (Dec 07)
- Re: Web server inside the firewall Perry E. Metzger (Dec 02)