DMZ to web?

C

Chris Jackson

I'm wanting to set up a network layout that will allow our external web
site access to our internal SQL server.

I came up with this diagram:
http://professionalfaith.com/network1.gif

The web server will have 2 NIC so it can have access to the DMZ and one
NIC to have access to internal systems.

Is this an OK solution? Can a web hacker get to NIC 2 - internal systems
thru this?

Any other suggestions on accomplishing this?

Thanks...
 
P

Phillip Windell

Chris Jackson said:
The web server will have 2 NIC so it can have access to the DMZ and one
NIC to have access to internal systems.

Is this an OK solution?
Click to expand...

You'll never get everyone to agree on that.
Can a web hacker get to NIC 2 - internal systems
thru this?
Click to expand...

Possibly,....but how likely is questionable. As long as "routing" isn't
enabled on the machine (preferably RRAS not installed at all) then it would
be roughly the equivalent of "publishing" it from behind the firewall as far
as the risk to the LAN is concerned, however the machine itself is more
exposed this way than it would be if published from behind a firewall.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Need help w/ multi homed server 2
W2K in DMZ 2
Broadcasts packets from internal network coming from DMZ machine 7
Correct routing/DNS config for dual-homed 2000 svr 2
Windows 2K RRAS VPN on DMZ can't authenticate users 4
How to get access to web pages on both LANs? How to prevent a need for ipconfig /release and then ip 21
Firewall box with W2000 - domain? 8
New DMZ design suggestions... 4

Top