sematin@mtn.co.ug wrote:
Imho, since it is used both internally and externally, then it ought to be in the DMZ. It can be a potential source of compromise from external sources if placed on the internal network.
Noah.
I am not sure about the right place for our database server. We have an external and an internal firewall (SuSE 9.0) with a DMZ. The application server is used for internal and external work. It needs a database server on its own machine. Should I take it in the DMZ or in the internal network? What is the (security related) best decision?
This is a tough one. You have to open up a hole to the private net either way, leaving a possible vulnerability. Placing it in the DMZ is likely the best solution as noted. Just be sure to lock down the pinhole to the internal network. Possibly have a single machine on the internal proxy the requests on behalf of all the internal net machines.
--
Until later, Geoffrey
Registered Linux User #108567
Building secure systems in spite of Microsoft
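The locked-down pinhole with a single internal proxy host suggested in the reply above, as an added example that is not part of the original thread. It assumes the internal firewall forwards traffic with iptables; the addresses, the port and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: print an iptables-restore FORWARD ruleset for the internal firewall.
# Addresses, port and function names below are constructed assumptions.
PROXY_IP="192.168.10.5"   # assumed: the one internal host that proxies requests
DMZ_SRV_IP="10.0.0.20"    # assumed: application/database server in the DMZ
SRV_PORT="5432"           # assumed: placeholder service port

# Accept only a single dotted-quad host address (no CIDR ranges, no names).
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: pinhole_rules <proxy_ip> <dmz_server_ip> <tcp_port>
pinhole_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" && is_port "$3" || {
        echo "pinhole_rules: need two single IPv4 hosts and a TCP port" >&2
        return 1
    }
    # Default-deny forwarding; replies to tracked connections pass; the only
    # NEW connection allowed is proxy host -> DMZ server on the one port.
    # Nothing lets the DMZ open a connection into the internal network.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $1/32 -d $2/32 -p tcp --dport $3 -m state --state NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP "
COMMIT
EOF
}

# Print the ruleset for review before loading it with iptables-restore.
pinhole_rules "$PROXY_IP" "$DMZ_SRV_IP" "$SRV_PORT"
```

The ruleset covers the FORWARD chain only; loading it with `iptables-restore --noflush` keeps existing rules in place, so the FORWARD chain should be empty first or older ACCEPT rules will widen the pinhole.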