Re: DMZ Novice



So if a DMZ isn't the right setup, what is?

By saying grab, it was my programmer speak for grabbing it and using it in
my asp pages that I envisaged running on IIS on the server in the DMZ,
serving the remote users.

Neil


"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:OB7tLEeBIHA.2268@xxxxxxxxxxxxxxxxxxxxxxx
"Neil Jordan" <Neil.Jordan@xxxxxxxxxxxxx> wrote in message
news:%23z3AtVdBIHA.4200@xxxxxxxxxxxxxxxxxxxxxxx
We currently have ISA 2004 running on our SBS 2003 server. It currently
has 2 NICs and uses the firewall and VPN for remote access to one of our
fixed IPs for use by our remote workers.
I also have a separate server that runs SQL Server for our main ERP.
Ideally I want to be able to allow our customers to view their relevant
information via the internet, but having them log in in some way.

Am I right in the fact that I need to add a network card to the server
for the DMZ? Once I have that, do I then connect a server to that
network so that it is in the DMZ?

A DMZ isn't your solution. A DMZ doesn't have anything to do with it.

If so, I guess I just need to find out about the best way for security
and how I can grab the data from the SQL server in real time (or close to
it).

You don't "grab data". You need a true Application (that may have to be
written) that is available to the people who need to get the data. It
could be an ASP or ASPX web site or it could be a matter of making your
existing business Application available to the people you are asking
about. It needs to present options to the users to allow them to decide
what data they need and how it is to be presented to them. The
Application will then contact the SQL Server and retrieve the Data and
present it to the user in a meaningful and useful way. Users don't access
the SQL server themselves,..the Applications do,...an SQL Server is a
"backend" tool, not a "frontend" tool (for the most part).

The Application needs to be securely designed without exploitable flaws
that allow unauthorized people to get the same (or more) data that they
aren't supposed to have. A DMZ will not "fix" flaws in the Application.

The SQL Server needs the database to be properly designed and secured so
that the correct user or Applications have access to the data but not
allow anyone (or anything) else. A DMZ will not "fix" flaws in the SQL
server arrangement.

A DMZ does not really do anything in any of this. It is just an example of
that "superstition" that I mentioned in another post.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
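
Added example, not part of the original thread or written by either poster: one way to arrange the SQL Server side so that the web application's account can read a single customer's rows through a stored procedure and has no rights on the table itself. It assumes SQL Server 2005 or later syntax; the database, table, login and procedure names (ErpDb, dbo.Orders, portal_web, usp_GetCustomerOrders) and the password placeholder are hypothetical.

```sql
-- Hypothetical names throughout; the table is a constructed stand-in for ERP data.
USE ErpDb;
GO

CREATE TABLE dbo.Orders (
    OrderId    INT           NOT NULL PRIMARY KEY,
    CustomerId INT           NOT NULL,
    OrderDate  DATETIME      NOT NULL,
    Total      DECIMAL(10,2) NOT NULL
);
GO

-- Login and database user used only by the web application (IIS/ASP pages).
CREATE LOGIN portal_web WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER portal_web FOR LOGIN portal_web;
GO

-- The only read path offered to the application: one customer per call.
-- @CustomerId must come from the application's authenticated session,
-- never from a value the remote user can edit (query string, form field).
CREATE PROCEDURE dbo.usp_GetCustomerOrders
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, OrderDate, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END;
GO

-- Execute on the procedure only; explicit deny on the underlying table.
-- Procedure and table share the owner (dbo), so ownership chaining lets
-- the procedure read the table on the caller's behalf.
GRANT EXECUTE ON dbo.usp_GetCustomerOrders TO portal_web;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO portal_web;
GO

-- Check the arrangement while impersonating the application account.
EXECUTE AS USER = 'portal_web';
EXEC dbo.usp_GetCustomerOrders @CustomerId = 42;  -- goes through the procedure
SELECT * FROM dbo.Orders;                         -- direct table read, rejected by the DENY
REVERT;
GO
```

With this in place, a flaw in the web pages exposes at most what the procedure returns, regardless of which network segment the web server sits on.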




