Firewall Wizards mailing list archives

RE: Web/database server setup question...


From: "Scott, Richard" <Richard.Scott () bestbuy com>
Date: Thu, 2 Mar 2000 15:02:33 -0600

Inline:

Richard Scott   
BestBuy.Com
* Tel: 001-(612)-995-5432
* Fax: 001-(612)-947-2005
* Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA

The views expressed in this email do not represent Best Buy
or any of its subsidiaries.

        
        I've been assigned to come up with a setup for our web and database
        servers so that they can be reasonably secure.

        The basic setup will be a web server, a database server and a process
        application server (between the web and db server).

        These will be on their own, i.e. no intranet connected to them or
        anything.

        My question is this, what would be a reasonable setup? Is a firewall
        needed, or a router will be enough blocking everything except for
        ports 80 and 443?

        It really depends on what you want to protect and the amount of
        downtime you are willing to accept.
        If the information on the database isn't critical, just advertising
        blah, then you may feel it needs some protecting, but as much as you
        would want to protect customer information.

        As far as a web server, well, like I said, it depends on what
        exactly you are doing.
        It can't hurt to put in place some filtering of packets, just to
        ensure stability of the application, a firewall too would be
        beneficial. You may need to look at the application server and see if
        it houses any special DCOM/Remote components that tunnel things
        through your firewall etc.

        Reasonable is something that you can only determine, pending what
        you want to house and put up on the net. If you are going to set up an
        ecommerce site then you would want adequate security to protect the
        data integrity of the site and application itself from coming under
        DoS.

        Assuming nothing, I would advocate placing a firewall or some
        screening solution in front of your web server (Load balancing?), then
        place some added protection between your DB and your application
        server, whether you need to add another firewall or not it's up to
        you. A better detail of the scenario would achieve better results I
        would guess from this list!



        Thanks,

        Theo
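
The layout suggested in the reply (screening in front of the web server, further protection between the application server and the database) can be written as a default-deny rule table and checked mechanically. This is an added example, not part of the original message; the zone names and the ports 8009 (web to app) and 5432 (app to db) are assumptions chosen for illustration.

```python
from collections import deque

# (source zone, destination zone, destination TCP port); anything absent is denied.
ALLOW = {
    ("internet", "web", 80),
    ("internet", "web", 443),
    ("web", "app", 8009),   # assumed application-server port
    ("app", "db", 5432),    # assumed database listener port
}

def permitted(src, dst, port, rules=ALLOW):
    """Default deny: a flow passes only if it is listed explicitly."""
    return (src, dst, port) in rules

def direct_exposure(rules=ALLOW):
    """Rules that let the internet reach anything other than web:80/443."""
    return sorted(r for r in rules
                  if r[0] == "internet"
                  and (r[1] != "web" or r[2] not in (80, 443)))

def hops_to(target, start="internet", rules=ALLOW):
    """Fewest zone-to-zone hops from start to target, or None if unreachable."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        zone, dist = queue.popleft()
        if zone == target:
            return dist
        for src, dst, _ in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, dist + 1))
    return None

def audit(rules=ALLOW):
    """Findings for a rule set; an empty list means the tiering holds."""
    findings = [f"internet exposed: {r}" for r in direct_exposure(rules)]
    hops = hops_to("db", rules=rules)
    if hops is not None and hops < 3:
        findings.append(f"db reachable in {hops} hop(s); expected 3 via web and app")
    return findings

if __name__ == "__main__":
    print(audit())                                  # tiered rule set
    print(audit(ALLOW | {("web", "db", 5432)}))     # shortcut past the app tier
```

Running `audit` against an export of the real filter rules after each change shows whether a new rule has shortened the path to the database.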
        


