DMZ design

comp.security.firewalls archive

From: <sc_wizard29@hotmail.com>
Date: Tue Nov 29 2005 - 16:27:00 CET

Hi everyone, I would like to install a web-server on a DMZ. This
web-server will access a database hosted on the private network.
In a book called "The Practice of Network Security", the 2 following
DMZ designs are suggested:

Design #1 (private network and DMZ connected to same FW):

internet -> FW -> private network
             |
             +--> DMZ

Design #2 (2 FW):

internet -> FW -> DMZ -> FW -> private network.

The author says that "The most notable problem with design #1 is that
there is no way to securely update information on the servers. There
are also no facilities in place to secure the database transactions
between the web server and the database server, or any of the backend
servers".

I'm afraid I don't understand what the author means... if I use design
#1 and if the FW is correctly configured, what can prevent me from
securing the database transactions?

Thanks for helping...
Received on Sat Dec 3 04:18:43 2005
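
One possible forwarding policy for the single firewall of design #1, given as an added nftables example that is not part of the original post or of the book it quotes. The interface names, addresses, database port, and SSH administration rule are all assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example for design #1: one firewall, three interfaces.
# Assumed names and addresses (none of them come from the post):
#   eth0 = internet, eth1 = DMZ, eth2 = private network
#   192.0.2.10 = web server (DMZ), 10.0.0.20 = database server (private)
#   tcp/443 = public HTTPS, tcp/5432 = database listener, tcp/22 = admin SSH

flush ruleset

define IF_INET = "eth0"
define IF_DMZ  = "eth1"
define IF_PRIV = "eth2"
define WEB     = 192.0.2.10
define DB      = 10.0.0.20

table inet dmz_fw {
    chain forward {
        # Default deny: only the flows listed below cross the firewall.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that an accept rule below already allowed.
        ct state established,related accept
        ct state invalid drop

        # Internet may reach only the web server, only on HTTPS.
        iifname $IF_INET oifname $IF_DMZ ip daddr $WEB tcp dport 443 ct state new accept

        # The single DMZ -> private flow: web server to the database port.
        iifname $IF_DMZ oifname $IF_PRIV ip saddr $WEB ip daddr $DB tcp dport 5432 ct state new accept

        # Log every other attempt from the DMZ toward the private network;
        # a hit here means a DMZ host is doing something unexpected.
        iifname $IF_DMZ oifname $IF_PRIV log prefix "dmz->priv denied: " drop

        # Private hosts may administer the web server over SSH (assumed
        # update path; connections are opened from the private side only).
        iifname $IF_PRIV oifname $IF_DMZ ip daddr $WEB tcp dport 22 ct state new accept

        # No rule forwards internet traffic to the private network;
        # the drop policy covers it.
    }
}
```

These rules only restrict which hosts and ports may talk to each other; encrypting and authenticating the database session itself is configured on the web and database servers, not on the firewall.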