RE: [suse-security] place for db-server
Imho, since it is used both internally and externally, then it ought to be in the DMZ. It can be a potential source of compromsie from external sources if placed on the internal network. Noah.
-----Original Message----- From: Christian Mang [mailto:cmang@wegatec.de] Sent: 13 May 2004 10:38 To: Suse-Security@Suse.Com Subject: [suse-security] place for db-server
Hi List,
I am not sure about the right place for our database server. We have an external and an internal firewall (SuSE 9.0) with a DMZ. The application server is used for internal and external work. It needs a database server on its own machine. Should I take it in the DMZ or in the internal network? What is the (security related) best decision?
Thanks Christian
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
sematin@mtn.co.ug wrote:
Imho, since it is used both internally and externally, then it ought to be in the DMZ. It can be a potential source of compromsie from external sources if placed on the internal network.
Noah.
I am not sure about the right place for our database server. We have an external and an internal firewall (SuSE 9.0) with a DMZ. The application server is used for internal and external work. It needs a database server on its own machine. Should I take it in the DMZ or in the internal network? What is the (security related) best decision?
This is a tough one. You have to open up a hole to the private net either way, leaving a possible vulnerbility. Placing it in the dmz is likely the best solution as noted. Just be sure to lock down the pinhole to the internal network. Possibly have a single machine on the internal proxy the requests on behalf of all the internal net machines. -- Until later, Geoffrey Registered Linux User #108567 Building secure systems in spite of Microsoft
participants (2)
-
Geoffrey -
sematin@mtn.co.ug