Security Basics mailing list archives
Re: DMZ Web Servers
From: David Glosser <david_glosser () yahoo com>
Date: Sat, 6 Sep 2008 10:32:08 -0700 (PDT)
The fact that you are asking this question means you aren't qualified to do it yourself. I'm not being insulting or condescending, only realistic. With sql injection, Cross-Site Scripting, and other issues, I would hire an expert to properly design and manage the infrastucture 24x7 for you. You don't want your site hacked or your back-end database compromised at 3:00 am one weekend. Make sure the design includes two layers of firewalls, regular vulnerability scanning/penetration testing, IDS/IPS, and if possible Web Application firewall. ----- Original Message ----
From: "Lafosse, Ricardo" <rlafosse () sfwmd gov> To: security-basics () securityfocus com Sent: Friday, September 5, 2008 6:29:24 AM Subject: DMZ Web Servers Hello All, I would like to know any suggestions or ideas how some infrastructures currently setup their Web Servers in the DMZ and connect back to an Oracle or MSSQL backend on the inside. I was thinking of just allowing specific IPs and MACs, but any other help would be greatly appreciated. Thanks! Rico
Current thread:
- DMZ Web Servers Lafosse, Ricardo (Sep 05)
- Re: DMZ Web Servers Rob (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- <Possible follow-ups>
- Re: DMZ Web Servers David Glosser (Sep 08)
- RE: DMZ Web Servers Lafosse, Ricardo (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- Transmitting Sensitive Information between Servers Basha, Arif (Sep 08)
- Re: Transmitting Sensitive Information between Servers Ben Preston (Sep 08)
- RE: Transmitting Sensitive Information between Servers Thevendriya, Arvind (Sep 08)
- Re: Transmitting Sensitive Information between Servers Nathaniel Hall (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- Re: Transmitting Sensitive Information between Servers Ansgar Wiechers (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chris Benedict (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- Re: DMZ Web Servers Rob (Sep 08)