DMZ to web?

  • Thread starter Thread starter Chris Jackson
  • Start date Start date
C

Chris Jackson

I'm wanting to set up a network layout that will allow our external web
site access to our internal SQL server.

I came up with this diagram:
http://professionalfaith.com/network1.gif

The web server will have 2 NIC so it can have access to the DMZ and one
NIC to have access to internal systems.

Is this an OK solution? Can a web hacker get to NIC 2 - internal systems
thru this?

Any other suggestions on accomplishing this?

Thanks...
 
Chris Jackson said:
The web server will have 2 NIC so it can have access to the DMZ and one
NIC to have access to internal systems.

Is this an OK solution?
Click to expand...

You'll never get everyone to agree on that.
Can a web hacker get to NIC 2 - internal systems
thru this?
Click to expand...

Possibly,....but how likely is questionable. As long as "routing" isn't
enabled on the machine (preferably RRAS not installed at all) then it would
be roughly the equivalent of "publishing" it from behind the firewall as far
as the risk to the LAN is concerned, however the machine itself is more
exposed this way than it would be if published from behind a firewall.
 
Back
Top