Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 22272 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should web servers be in a DMZ?

Ross86
Just wondering how everyone protects their web servers.

Where I work the web servers were never put in a DMZ, we have a DMZ and use to use NAT to forward to an ISA\TMG server.

We now use Sopjos and have web servers on the LAN and use the WAF to protect these servers. Which include sharepoint web servers and some other custom websites, these all authenticate to an STS token server.

Would it still make sense for me to put these in the DMZ?

If so what's best practice with regards to allowing it access to the Domain? As they would need to access the SQL databases on the internal cluster and AD/DNS.


This thread was automatically locked due to age.
Parents
  • 0
    Well, this is free advice, Ross, so good luck on selling up the management chain! [;)]

    First priority would be the DMZ for the public-facing devices.  A much-lower priority, but likely desirable would be another DMZ to separate your database servers from the users.  A read-only DC would be something you'd need only if you have something big like SOC 2 compliance that you need to worry about.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Well, this is free advice, Ross, so good luck on selling up the management chain! [;)]

    First priority would be the DMZ for the public-facing devices.  A much-lower priority, but likely desirable would be another DMZ to separate your database servers from the users.  A read-only DC would be something you'd need only if you have something big like SOC 2 compliance that you need to worry about.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML