Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Structure
From: Adam Safier <asafier @ explorer . csc . com>
Date: Wed, 10 Apr 96 16:16 EDT
To: "Ward, Jay" <wardj @ hq . hhmi . org>
Cc: Firewalls <firewalls @ GreatCircle . COM>, "Ward, Jay" <wardj @ hq . hhmi . org>

At 10:26 AM 4/9/96 EDT, Ward, Jay wrote:

>From what I have been told in the past is that I could run into problems
>putting the httpd server behind the firewall. Is this true? 

Yes.  If the http server is compromised from the outside so is your internal
network.  If the http server serves the outside world put it on the outside
of the firewall.  Better yet, get a third ethernet interface and create a
second firewalled area for your http and DMZ traffic.

 Inet -----F-1 ---- Internal net
            |
            |
           DMZ for www servers, dial up concentrators, etc.

Why isn't your firewall vendor/distributor helping you with these design
issues?  Did they take your money, leave the box and walk?

How is Checkpoint on support?



Adam Safier
CSC-SED-Infosec
asafier @ csc . com

"If you show me yours, I still won't show you mine."

Expressed opinions are my own and might not be shared by my employer or
anyone else.
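
The placement argument in the message above, as an added example that is not part of the original post: a small first-match filter model comparing a web server on the internal net with one on a third-interface DMZ. Zone names, rules and the port list are constructed assumptions, and only connection initiation is modelled (no return traffic).

```python
from dataclasses import dataclass

# Constructed zones and rules for illustration; not taken from any real firewall.
@dataclass(frozen=True)
class Rule:
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    port: int    # destination TCP port, 0 = any port
    allow: bool

def permitted(rules, src, dst, port):
    """May `src` open a connection to `dst`:port? First match wins, default drop."""
    if src == dst:
        return True   # same segment: the packet never crosses the firewall
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, 0):
            return r.allow
    return False

# Design A: web server sits on the internal net; port 80 is let in from the Internet.
BEHIND = {"www_zone": "internal",
          "rules": [Rule("inet", "internal", 80, True),
                    Rule("internal", "inet", 0, True)]}

# Design B: third interface; the web server lives in its own DMZ segment.
THREE_LEG = {"www_zone": "dmz",
             "rules": [Rule("inet", "dmz", 80, True),
                       Rule("internal", "dmz", 80, True),
                       Rule("internal", "inet", 0, True),
                       Rule("dmz", "internal", 0, False)]}

def inet_can_reach_www(design):
    """The public service must stay reachable in either design."""
    return permitted(design["rules"], "inet", design["www_zone"], 80)

def internal_exposure(design, ports=(22, 23, 80, 111, 2049)):
    """Internal-net ports a compromised web server could connect to."""
    www = design["www_zone"]
    return [p for p in ports if permitted(design["rules"], www, "internal", p)]

if __name__ == "__main__":
    for name, d in (("behind firewall", BEHIND), ("three-leg DMZ", THREE_LEG)):
        print(name, "| www reachable:", inet_can_reach_www(d),
              "| internal ports exposed after compromise:", internal_exposure(d))
```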

