[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] place for db-server

sematin@xxxxxxxxx wrote:
Imho, since it is used both internally and externally, then it ought to be in
the DMZ. It can be a potential source of compromsie from external sources if
placed on the internal network.

I am not sure about the right place for our database server. We have an external and an internal firewall (SuSE 9.0) with a DMZ. The application server is used for internal and external work. It needs a database server on its own machine. Should I take it in the DMZ or in the internal network? What is the (security related) best decision?

This is a tough one. You have to open up a hole to the private net either way, leaving a possible vulnerbility. Placing it in the dmz is likely the best solution as noted. Just be sure to lock down the pinhole to the internal network. Possibly have a single machine on the internal proxy the requests on behalf of all the internal net machines.

Until later, Geoffrey                     Registered Linux User #108567
Building secure systems in spite of Microsoft

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here