Firewall Wizards mailing list archives

Re: DMZ design - Exchange, SQL, & DCOM


From: "Michael Borkin" <borkin () netquest com>
Date: Sat, 5 Feb 2000 10:39:55 -0500


    <snip>

        Just my .02....

    </snip>

Bill,

Thanks for your response and I think it's worth a hell of a lot more than
just .02 ... so look in your mail for the .83 that I am sending as a thank
you.  I know I am overly generous but I really do appreciate you taking the
time.

    <snip>

        I don't understand a lot of your comments about the 2+2
    config.

    </snip>

Frankly, I didn't understand a lot of it either, which is why I brought up
the question.  Most of what I was asking about is based on conflicting
information from people that I have talked with.  The 2+2 comments were
based on one of those conversations.  I feel that I only have enough
knowledge to be truly dangerous in this area at the moment, and I am working
very hard at trying to sort good information from bad.

    <snip>

        I think the other person you were speaking with is confused
    about big holes in your firewall.

    </snip>

I have come to the conclusion that we were talking apples and oranges.  I
was only looking at passing mail (as you were as well), while he was
thinking about full use of Exchange features to external users through the
VPN.

    <snip>


        The web server should be in the DMZ as should the SQL
    server IMHO. The SQL server should NOT be accessible from
    the outside at all. It should only talk to the web server and internal
    clients. Then open a hole from the inside to the SQL server for
    the SQL server traffic (port escapes at the moment). Add of
    course open up HTTP and HTTPS from the inside to the DMZ.

    </snip>

Did you misspeak or am I just not understanding something?  If the SQL
server is in the DMZ then isn't it generally accessible to the outside by
that very fact?  If it is only talking to the web server and the internal
machines; and you are opening ports for SQL, HTTP, & HTTPS; shouldn't the
SQL server be in the more secure area of the network?

Also, this is not an e-commerce site so I don't think there is a call for
SSL or HTTPS.  Instead SQL is used to generate the .asp pages that make up
the site (in fact a transaction server isn't even implemented to my
knowledge, but I need to double check on that).  In your opinion is there
any reason to use SSL on a non-commerce site such as the one that I am
talking about?

Finally, thank you for all the suggestions, especially about the stand-alone
backup server for the DMZ.  I am still in the very first stage of this
project and where/how to back up hadn't entered into my mind although it
definitely should have.

Mike


