Re: DMZ design - Exchange, SQL, & DCOM

["Francois Dupont" <frdupont () hotmail com>]

Hi,

there is another solution for accessing an internal SQL server from a web 
server in DMZ, WITHOUT opening connexions through the firewall from the DMZ 
to the internal network. It's a software called "NetSecure Web", from the 
french company NetSecure Software. On the one hand, you've got an empty web 
server on the DMZ, which just buffers incoming requests from the Internet. 
On the other hand, the real web server is in the internal network and polls 
about every second (configurable) the server on the DMZ and gets this way 
the buffered requests without any connexion opened from the DMZ throughout 
the firewall: the connexions are opened from the internal network towards 
the DMZ, which is much much more secure.
When the internal server has got the requests, it can ask an internal SQL 
server for data (no such big security problem) and then sends back to the 
DMZ server the web pages for the Internet clients.
This product is about 2 years old and is used in production in several big 
companies already.
NetSecure Software is a Paris company, but has a branch in Montreal, Canada. 
Take a look at www.netsecuresoftware.com .

Have a nice day!

Francois
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com