Re: DMZ design - Exchange, SQL, & DCOM

From: Michael Borkin (borkinat_private)
Date: Sun Feb 06 2000 - 07:47:03 PST


        <snip>
    
            Just because your SQL server is in the DMZ does not mean
            that it is accessible from the outside. Your outside firewall
            interface should only allow HTTP traffic to the web server
            and SMTP traffic to the mail server. That's it. Nothing more.
            Your SQL server doesn't even need an internet routable IP
            address. It doesn't even need IP. You could set it up to use
            IPX or NetBEUI to talk to the web server. (Do this only if your
            firewall will let you talk to the SQL server from the inside using
            IPX or NetBEUI)
    
        </snip>
    
    I am assuming you mean that the firewall allows IPX or NetBEUI inside the
    DMZ.  I never have considered that.  Would that be allowed through the
    rules?  Would it open the servers up in another way, such as tunneling
    those protocols in, if I were to allow IPX or NetBEUI?
    
    
        <snip>
    
            One more thing. The book "Building Internet Firewalls" is NOT
            written by Cheswick and Bellovin as stated previously. "Building
            Internet Firewalls" is written by Brent Chapman and Elizabeth
            Zwicky and is published by O'Reilly.
    
    
        </snip>
    
    Thanks for the reference as well... I haven't had time to check it out as of
    yet but it does sound like exactly the kind of book I need to read.
    
    Mike
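
The quoted policy (outside interface permits only HTTP to the web server and SMTP to the mail server) can be checked mechanically against a rule list. The following is an added example, not part of the original message: it assumes a first-match packet filter, and every host address, rule and function name in it is constructed for illustration.

```python
# Added example: audit a first-match packet-filter rule list against the
# policy quoted in the message. All names, addresses and rules are constructed.
import ipaddress

WEB, MAIL, SQL = "192.0.2.10", "192.0.2.25", "10.10.0.5"   # constructed hosts
ALLOWED_FROM_OUTSIDE = {(WEB, "tcp", 80), (MAIL, "tcp", 25)}

# (action, in_interface, protocol, destination network, (low port, high port))
RULES = [
    ("permit", "outside", "tcp", "192.0.2.10/32", (80, 80)),
    ("permit", "outside", "tcp", "192.0.2.25/32", (25, 25)),
    ("permit", "outside", "tcp", "192.0.2.0/24", (1024, 65535)),  # too broad
    ("permit", "inside", "tcp", "10.10.0.5/32", (1433, 1433)),
    ("deny", "outside", "any", "0.0.0.0/0", (0, 65535)),
]

def first_match(rules, iface, proto, dst, port):
    """Return the action of the first rule matching the packet; default deny."""
    addr = ipaddress.ip_address(dst)
    for action, r_if, r_proto, r_net, (lo, hi) in rules:
        if (r_if == iface and r_proto in (proto, "any")
                and addr in ipaddress.ip_network(r_net) and lo <= port <= hi):
            return action
    return "deny"

def audit(rules, hosts, ports):
    """List flows the outside interface permits beyond the stated policy."""
    findings = []
    for host in hosts:
        for proto in ("tcp", "udp"):
            for port in ports:
                flow = (host, proto, port)
                if (first_match(rules, "outside", proto, host, port) == "permit"
                        and flow not in ALLOWED_FROM_OUTSIDE):
                    findings.append(flow)
    return findings

PROBE_PORTS = [25, 80, 135, 1433, 3389]  # SMTP, HTTP, RPC/DCOM, SQL Server, RDP

if __name__ == "__main__":
    for host, proto, port in audit(RULES, [WEB, MAIL, SQL], PROBE_PORTS):
        print(f"policy violation: outside -> {host} {proto}/{port} is permitted")
```

The audit flags the broad high-port rule because it exposes 1433 and 3389 on both DMZ hosts, while the SQL server on its non-routable address stays unreachable from the outside interface.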
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:21 PDT