This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should web servers be in a DMZ?

Just wondering how everyone protects their web servers.

Where I work the web servers were never put in a DMZ, we have a DMZ and use to use NAT to forward to an ISA\TMG server.

We now use Sopjos and have web servers on the LAN and use the WAF to protect these servers. Which include sharepoint web servers and some other custom websites, these all authenticate to an STS token server.

Would it still make sense for me to put these in the DMZ?

If so what's best practice with regards to allowing it access to the Domain? As they would need to access the SQL databases on the internal cluster and AD/DNS.

This thread was automatically locked due to age.

Parents

0 Ross86 over 10 years ago

Ok thanks Bob, I think selling it to my boss won't be too hard he's quite paranoid on security.

It all depends on the effort vs real requirements [:)] .. Definitely the first DMZ will be implemented as it's halfway there anyway.
Cancel
Vote Up 0 Vote Down

Cancel
0 firebear_01 over 10 years ago in reply to Ross86

Hi BAlfson,

is it right understood that you say the Webserver in the DMZ should use the internal AD-Controllers so that you have to open Port 445 from DMZ to Internal LAN ???????

Greets
Firebear
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 firebear_01 over 10 years ago in reply to Ross86

Hi BAlfson,

is it right understood that you say the Webserver in the DMZ should use the internal AD-Controllers so that you have to open Port 445 from DMZ to Internal LAN ???????

Greets
Firebear
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data