Firewall Wizards mailing list archives

RE: securing DB access from the DMZ

From: "Carl Friedberg" <friedberg () exs esb com>
Date: Thu, 21 Feb 2002 01:02:18 -0500

Banking? This got past independent auditors??

I won't hype any products. I will say that you are 100% correct about
that second NIC; either of your 2 solutions would be better than the
current situation. If you can get management to sign off, the second
firewall will isolate your more sensitive resources.

Is there a security policy in place? If not, do that first, go to
management, have them sign off on it, then implement.

Carl

(BTW, are there multiple VLANs in the Catalyst?)
-----Original Message-----
From: wasabi_pea () hushmail com [mailto:wasabi_pea () hushmail com] 
Sent: Wednesday, February 20, 2002 4:48 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] securing DB access from the DMZ



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

          {Internet}
               |
               |
        [Cisco router]
               |
               |
        [Cisco PIX 520]---DMZ---[IIS 4 Webserver]
               |                  (Second NIC)
               |                       |
     [Cisco Catalyst 6509]-------------+
               |
               |
               +---------------[DB Server]

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

securing DB access from the DMZ wasabi_pea (Feb 20)
- Re: securing DB access from the DMZ Holger Kipp (Feb 21)
- Re: securing DB access from the DMZ Ryan Russell (Feb 21)
- <Possible follow-ups>
- RE: securing DB access from the DMZ Carl Friedberg (Feb 21)
- Re: Re: securing DB access from the DMZ wasabi_pea (Feb 21)
- RE: securing DB access from the DMZ Scott, Richard (Feb 27)