mailing list archives
From: "Ferrari, Martín" <MFerrari () seta com ar>
Date: Thu, 2 Nov 2000 15:29:56 -0300
I have the following architecture: INTERNET - FIREWALL - DMZ -
FIREWALL - INTERNAL NETWORK
I can't decide whether to put my application server inside the DMZ
or inside the internal network. The app server will serve all secure content
and has access to the DB server.
If I put the app server inside the DMZ zone and someone breaks into
the DMZ, s/he can have access to my App Server, and besides that, I have to
open a firewall path to my backend database from the DMZ.
If I put the app server inside the internal network, I have to open
ports for the web server to communicate with it, and if someone breaks into
the app server, s/he will have access to the DB machine.
Obviously, each machine is itself secured as best as possible.
I'd like to have the best possible security scheme so that secure
content cannot be accessed in case someone breaks in.
Does what I've said make any sense? Are there other considerations
to take into account?
Thank you very much.
firewall-wizards mailing list
firewall-wizards () nfr com
- dmz question Ferrari, Martín (Nov 05)