Security Basics mailing list archives

RE: DMZ Web Servers

From: "Dan Lynch" <DLynch () placer ca gov>
Date: Mon, 8 Sep 2008 12:19:45 -0700

Asinine, but an effective way of ensuring your job security.

You're making an entire class of questions effectively off limits here in the Security Basics mail list, while making 
an awfully broad assumption about the OP's skills and experience, plus the requirements of the project he's undertaking.

Tell me, how does one become qualified to build a web presence that meets the needs and standards of /*their*/ 
organization without asking peers, referring to guidelines, and simply doing it? How do you gain entry into the magic 
club? 

The question wasn't "how do I design to David's standards". (Answer: you can't, the standards are secret).



Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of David Glosser
Sent: Saturday, September 06, 2008 10:32 AM
To: Lafosse, Ricardo; security-basics () securityfocus com
Subject: Re: DMZ Web Servers

The fact that you are asking this question means you aren't 
qualified to do it yourself. 
I'm not being insulting or condescending, only realistic. 

With sql injection, Cross-Site Scripting, and other issues,  
I would hire an expert to properly design and manage the 
infrastucture 24x7 for you. You don't want your site hacked 
or your back-end database compromised at 3:00 am one weekend. 

Make sure the design includes two layers of firewalls,  
regular vulnerability scanning/penetration testing, IDS/IPS, 
and if possible Web Application firewall. 

----- Original Message ----

From: "Lafosse, Ricardo" <rlafosse () sfwmd gov>
To: security-basics () securityfocus com
Sent: Friday, September 5, 2008 6:29:24 AM
Subject: DMZ Web Servers

Hello All,

I would like to know any suggestions or ideas how some

infrastructures

currently setup their Web Servers in the DMZ and connect back to an
Oracle or MSSQL backend on the inside. I was thinking of

just allowing

specific IPs and MACs, but any other help would be greatly

appreciated.


Thanks!
Rico

Current thread:

Re: DMZ Web Servers, (continued)
- - Re: DMZ Web Servers Adriel Desautels (Sep 08)
  - Transmitting Sensitive Information between Servers Basha, Arif (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Ben Preston (Sep 08)
    - RE: Transmitting Sensitive Information between Servers Thevendriya, Arvind (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Nathaniel Hall (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
    - Re: Transmitting Sensitive Information between Servers Ansgar Wiechers (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Chris Benedict (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
    - RE: Transmitting Sensitive Information between Servers David Gillett (Sep 11)
  - RE: DMZ Web Servers Dan Lynch (Sep 08)
- Re: DMZ Web Servers krymson (Sep 08)
  - TrueCrypt Basiru Ndow (Sep 10)
    - Re: TrueCrypt Marc-André Laverdière (Sep 11)
- Re: DMZ Web Servers David Glosser (Sep 10)