Re: DMZ and critical data

["蓝牙" <bluetooth995 () gmail com>]

Implement 2 -tier firewall architecture.
Configure FW2 to allow only specific ports to
access the fileserver from the webserver.

Internet -- > FW 1--> DMZ (webserver) ---> FW 2---> Filesever (internal network)




On 7/7/06, Pedro Henrique Morsch Mazzoni <phmazzoni () gmail com> wrote:
> Hello,
>
> I am doing a project of network security to a friend of mine.
> We will do a back-to-back DMZ, with a external and a internat firewall.
> In our project, only the web and mail servers stay in DMZ.
> But the company wants to access a webbased application from the internet.
> The webserver needs access to a file and a database server, but the
> data on this server is critical.
> My sugestion is to put a webserver in the internal network and
> configure a Vpn, but it is not possible for the client.
> I don´t want to put the file and database servers on the DMZ, put if I
> put it on the internal network the webserver on the DMZ has to access
> the server, wich compromises my security.
>
> Any sugestions?
>
> Pedro Mazzoni
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Securing a web application goes far beyond testing the application using
> manual processes, or by using automated systems and tools. Watchfire's
> "Web Application Security: Automated Scanning or Manual Penetration
> Testing?" whitepaper examines a few vulnerability detection methods -
> specifically comparing and contrasting manual penetration testing with
> automated scanning tools. Download it today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
> --------------------------------------------------------------------------