[NTLUG:Discuss] (no subject)
Chris Cox
cjcox at acm.org
Thu Mar 15 21:30:19 CST 2001
I read the other replies... and I believe that ideally you need the
firewall up front. Your web host DMZ could be on a net
that only the firewall knows about. This should provide good enough
isolation between your internal private net and the web/mail host.
Transfer data to the web/mail host using secured protocols like ssh/scp.
(your web/mail box will be as if it were some host located somewhere
else)
Any host exposed on the internet will be attacked... nobody is safe
anymore. Don't leave your web server out.
Regards,
Chris
m m wrote:
>
> which one is the better configuration/architecture for the networking?
>
> internet
> |
> firewall
> |-- public web/mail server
> |-- data base server (for web page/application) (should private?)
> |-- internal network (intranet)
>
> or
>
> internet
> |-- public web/mail server
> firewall
> |-- data base server (for web page/application)
> | (can be accessed by public web/mail server?)
> |
> |- internal network (intranet)
>
> on this configuration, the intranet is more secure than the 1st one, but how
> do you protect the web/mail server being attacked?
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list