Christian, if you need external access, put it into the DMZ. Make sure the database - if it is network capable and needs network access for your app - only accepts connects from localhost. Switch off the db network ports completely if possible. Make sure the database native ports ( db access ports, potential admin interface and such ) are filtered at the outside fw. Putting it into the internal network would not exactly help security, since you would need to allow external access to this box and therefore to your internal network. However, having internal & external work ( which I understand as inhouse app development & external app development ) on the same machine often leads to conflicts, since developers of inhouse applications are often relatively lax on security related issues. Eric Christian Mang wrote:

Hi List,

I am not sure about the right place for our database server. We have an external and an internal firewall (SuSE 9.0) with a DMZ. The application server is used for internal and external work. It needs a database server on its own machine. Should I take it in the DMZ or in the internal network? What is the (security related) best decision?

Thanks Christian

-- Eric Mueller EDS Operations Services GmbH Global IMDS Technology Management Eisenstr. 56, D-65428 Ruesselsheim, Germany phone : +49 6142 80 1218 http://services.mdsystem.com