Re: DMZ traffic (was Please help ! need to check IIS volunrabilities.)

[<sf_mail_sbm () yahoo com>]

In-Reply-To: <OFC70E5C3B.4AE7C38F-ON80256F55.00304D9B-80256F55.00310522 () EU novartis net>

> From: miguel.dilaj () pharma novartis com

> 5) Is the configuration of the DMZ "watertight"? (In particular: 
> connections STARTING in the DMZ must be forbidden).


How would you prevent this in a case were a webserver needs to access a production db in the Internal network for 
queries/updates?

You might propose to use another db in the DMZ, and perform regular synchronisations -  but what if the db is being 
held on a minicomputer (cost issue))?