[NTLUG:Discuss] (no subject)

Christopher Browne cbbrowne at localhost.brownes.org
Thu Mar 15 13:56:57 CST 2001


On Thu, 15 Mar 2001 19:27:23, the world broke into rejoicing as
"m m" <llliiilll at hotmail.com>  said:
> which one is the better configuration/architecture for the networking?
> 
> internet
>   |
> firewall
>   |-- public web/mail server
>   |-- data base server (for web page/application) (should private?)
>   |-- internal network (intranet)
> 
> or
> 
> internet
>   |-- public web/mail server
> firewall
>   |-- data base server (for web page/application)
>   |   (can be accessed by public web/mail server?)
>   |
>   |- internal network (intranet)

> on this configuration, the intranet is more secure than the 1st one,
> but how do you protect the web/mail server being attacked?

I suspect you need to be a bit more specific about precisely what
services are supposed to be accessible from the outside world.

But I would tend to think that the second diagram is likely to be
safer.

It puts the "public services" on the dangerous side of the firewall,
thus meaning you have to make sure that the public web/mail server is
well-secured.  

On the one hand, that need for "hardening" of the web/mail server
seems a bit unfortunate; one might think it nicer to keep the web
server inside.

BUT.  If the public web server is inside the "safe zone," you then
have to open up a pipeline for data from the outside into that web
server, which essentially puts a sizable hole in the protection being
provided by the firewall.

You'll need to worry more heavily about that web/mail server, but that
should make for a safer result...
--
(reverse (concatenate 'string "ac.notelrac.teneerf@" "454aa"))
http://vip.hex.net/~cbbrowne/linuxdistributions.html
Signs of  a Klingon Programmer  #12: "Specifications are for  the weak
and timid!"


