Firewall Wizards mailing list archives
Re: Internal Database server access from DMZ host
From: "Joe Ippolito" <joe () joesnet com>
Date: Thu, 13 Jan 2000 16:43:33 -0800
Your architecture should look more like this:
Internet
|
|
perimeter firewall<-->Amber Zone (DMZ)
|
|
Internal network
Your firewall rules should look like:
Source(s)        Destination(s)   Service(s)        Permit/Deny
---------------------------------------------------------------
Req'd source(s)  DMZWeb           Req'd Port (80?)  Permit
DMZWeb           SybaseDB         Req'd Port(s)     Permit
Any              Any              Any               Deny
Unless you want to push database to a DMZ machine and put all of that
information at risk real-time.
----- Original Message -----
From: Marcus Noveix <noveix () hotmail com>
To: <firewall-wizards () nfr net>
Sent: Monday, January 10, 2000 9:25 PM
Subject: Internal Database server access from DMZ host
Hi I am new to this list and hoping for some positive feedback on the following scenario.

I am trying to implement an E-Commerce infrastructure currently which has the following structure: Internet <-->perimeter firewall<-->Amber Zone<-->Internal network.

There is a WEB server in the Amber zone that needs connection to a Sybase Server using Sybase Openclient to do queries on the DB (WEB server INITIATING connection to the Sybase server). If this Sybase Server was to be in the INTERNAL network, what sort of security implications does this pose? I will make sure the security on the DB server is tightened and the server is hardened, but besides doing this, what other secure ways are there of doing this? I have read a lot of literature on firewalls and so far gathered that no INITIAL connection should be accepted from Amber Zone hosts to INTERNAL Network.

Thanks in advance
N
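Added example, not part of the original thread: a first-match evaluator for the three-rule policy in the reply, with a small audit that lists which permit rules open a path into the internal network. The addresses, the internal range, the database port (5000) and the use of "Any" as the required source for the web rule are assumptions made for illustration.

```python
# Added example: first-match evaluation of the three-rule policy from the reply.
# All addresses and the database port are constructed placeholders.
from ipaddress import IPv4Network, ip_address, ip_network
from typing import NamedTuple, Optional

ANY = ip_network("0.0.0.0/0")
DMZ_WEB = ip_network("192.0.2.10/32")    # assumed address of DMZWeb
SYBASE_DB = ip_network("10.0.0.20/32")   # assumed address of SybaseDB
DB_PORT = 5000                           # assumed Sybase listener port


class Rule(NamedTuple):
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int]   # None matches any service
    action: str


# Same order as the table: two permits, then the catch-all deny.
RULES = [
    Rule(ANY, DMZ_WEB, 80, "permit"),            # "Req'd source(s)" assumed Any
    Rule(DMZ_WEB, SYBASE_DB, DB_PORT, "permit"),
    Rule(ANY, ANY, None, "deny"),
]


def decide(src: str, dst: str, port: int, rules=RULES) -> str:
    """Return the action of the first rule matching a new connection."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action
    return "deny"  # fail closed if the catch-all rule is ever removed


def audit_inbound_to_internal(internal="10.0.0.0/8", rules=RULES):
    """List permit rules whose destination lies in the internal network."""
    net = ip_network(internal)
    return [r for r in rules if r.action == "permit" and r.dst.overlaps(net)]


if __name__ == "__main__":
    for flow in [("198.51.100.7", "192.0.2.10", 80),    # Internet -> web
                 ("192.0.2.10", "10.0.0.20", DB_PORT),  # web -> database
                 ("192.0.2.10", "10.0.0.21", DB_PORT),  # web -> other host
                 ("198.51.100.7", "10.0.0.20", DB_PORT)]:
        print(flow, decide(*flow))
    print("paths into internal:", audit_inbound_to_internal())
```

The audit returns a single rule, the DMZWeb to SybaseDB permit, which is the one path a compromised web server would still have into the internal network and therefore the flow to log and to back with database-side hardening.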
