WebApp Sec mailing list archives
Re: DMZ and critical data
From: "蓝牙" <bluetooth995 () gmail com>
Date: Sun, 9 Jul 2006 16:37:31 +0800
Implement 2 -tier firewall architecture. Configure FW2 to allow only specific ports to access the fileserver from the webserver. Internet -- > FW 1--> DMZ (webserver) ---> FW 2---> Filesever (internal network) On 7/7/06, Pedro Henrique Morsch Mazzoni <phmazzoni () gmail com> wrote:
Hello, I am doing a project of network security to a friend of mine. We will do a back-to-back DMZ, with a external and a internat firewall. In our project, only the web and mail servers stay in DMZ. But the company wants to access a webbased application from the internet. The webserver needs access to a file and a database server, but the data on this server is critical. My sugestion is to put a webserver in the internal network and configure a Vpn, but it is not possible for the client. I don´t want to put the file and database servers on the DMZ, put if I put it on the internal network the webserver on the DMZ has to access the server, wich compromises my security. Any sugestions? Pedro Mazzoni ------------------------------------------------------------------------- Sponsored by: Watchfire Securing a web application goes far beyond testing the application using manual processes, or by using automated systems and tools. Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download it today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm --------------------------------------------------------------------------
Current thread:
- DMZ and critical data Pedro Henrique Morsch Mazzoni (Jul 08)
- Re: DMZ and critical data 蓝牙 (Jul 09)
- RE: DMZ and critical data Brian J. Bartlett (Jul 09)
- Re: DMZ and critical data Mohammad Ali Sarbanha (Jul 09)
- Intrusion Detection David Robert (Jul 09)
- Re: Intrusion Detection Ivan Ristic (Jul 10)
- Re: Intrusion Detection Jamie Riden (Jul 10)
- Re: Intrusion Detection Daniel Cid (Jul 11)
- Re: Intrusion Detection David Ryan (Jul 12)
- Re: Intrusion Detection skarvin (Jul 12)
- <Possible follow-ups>
- Re: DMZ and critical data sarbanha (Jul 09)
- Message not available
- Re: DMZ and critical data Ken Adler - QDSP, CISSP, PMP, CISA (Jul 09)
- Message not available