|
WebApp Sec
mailing list archives
Re: DMZ and critical data
From: "蓝牙" <bluetooth995 () gmail com>
Date: Sun, 9 Jul 2006 16:37:31 +0800
Implement 2 -tier firewall architecture.
Configure FW2 to allow only specific ports to
access the fileserver from the webserver.
Internet -- > FW 1--> DMZ (webserver) ---> FW 2---> Filesever (internal network)
On 7/7/06, Pedro Henrique Morsch Mazzoni <phmazzoni () gmail com> wrote:
Hello,
I am doing a project of network security to a friend of mine.
We will do a back-to-back DMZ, with a external and a internat firewall.
In our project, only the web and mail servers stay in DMZ.
But the company wants to access a webbased application from the internet.
The webserver needs access to a file and a database server, but the
data on this server is critical.
My sugestion is to put a webserver in the internal network and
configure a Vpn, but it is not possible for the client.
I don´t want to put the file and database servers on the DMZ, put if I
put it on the internal network the webserver on the DMZ has to access
the server, wich compromises my security.
Any sugestions?
Pedro Mazzoni
-------------------------------------------------------------------------
Sponsored by: Watchfire
Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
