Hi Guys,
Thanks for the replies, Manuel & Bennet.
Please bear with me. I have a few more questions.
1. How do I create the DMZ?
2. How should the DNS be configured?
3. How do I configure the router(cisco 4000) to allow only http traffic to the WWW server?
4. The WWW Server also has our mail server(Oracle InterOffice). If I put the WWW Server in
the DMZ, what is the compromise on the security of the InterOffice database?
Thanks & Regards,
Giri
Giridhar Nayak,
System Access Pte. Ltd. (http://www.systemaccess.com)
Tel: 65. 3334533 Fax: 65. 3334133
Email: giri @
symbols .
com .
sg
===========================================
--- Begin Message ---
|
Subject: |
RE: How - WWWServer on internal LAN to be made accessible on the NET? |
|
From: |
"manuel .
ricca @
pararede .
pt" <owner-firewalls-list @
GreatCircle .
COM> |
|
Date: |
27 Nov 97 23:03:07 |
|
To: |
GIRI.SYMBOLS.COM.SG,(Non,Receipt,Notification,Requested) |
|
Cc: |
firewalls,(Non,Receipt,Notification,Requested) |
|
Alternate-recipient: |
Prohibited |
|
Autoforwarded: |
FALSE |
|
Conversion: |
Allowed |
|
Conversion-with-loss: |
Allowed |
|
Delivery-date: |
26 Nov 97 17:14:10 +0000 |
|
Importance: |
normal |
|
In-reply-to: |
</GUID:Qa0ITQDExMjYxNjMxMDktSA* /@MHS> |
|
Message-type: |
Multiple Part |
|
Posted-date: |
Thu, 27 Nov 1997 07:03:07 -0800 (PST) |
|
X400-content-type: |
P2-1984 |
|
X400-mts-identifier: |
[/PRMD=pararede/ADMD=ip/C=pt;ISOCOR-3470db53-Tubarao] |
|
X400-originator: |
manuel .
ricca @
pararede .
pt |
|
X400-received: |
by /PRMD=pararede/ADMD=ip/C=pt; Relayed; 26 Nov 97 17:14:02 +0000 |
|
X400-recipients: |
firewalls @
GreatCircle .
com |
-> Create a DMZ and put the web server there, for security reasons. Putting it in the
Intranet is a security breach (especially
if you're using IIS - check out www.ntsecurity.net)
-> Add the DNS entry to your external DNS server, so that outsiders can resolve the name
-> Open an inbound (external -> DMZ) HTTP proxy (TCP, port 80) on the firewall
Hope this helps,
manuel
-----------------
Manuel Ricca
ParaRede - Tecnologias de Comunicação, S.A.
R. D. Constantino de Bragança, 12 1400 Lisboa
Tel: +351 1 3020451
Fax: +351 1 3020444
E-mail: manuel .
ricca @
pararede .
pt
-------------------
From: GIRI.SYMBOLS.COM.SG
To: firewalls-uk @
gbnet .
net
Cc:
Subject: How - WWWServer on internal LAN to be made accessible on the NET?
Date:
Hi,
I am a newbie to this list & hence please pardon if this has
been discussed earlier.
I have a web server running on an NT4.0
server on my LAN. I have an eval copy of Altavista97
running on another NT
4.0 which acts as the Firewall for our Network. This Firewall server
is th
e primary DNS Server for our domain. I have a class 'C' set of address avai
lable for our
domain.
I have to make the web server accessible
from the Internet. How do I make this possible?
Where do I place the web s
erver vis-a-vis the Firewall & the Internet? What are the changes
that I h
ave to make to the DNS to make the web server accessible?
Any he
lp is greatly welcomed.
Thanks & Regards,
Giri
Gi
ridhar Nayak,
System Access Pte. Ltd. (http://www.systemaccess.com)
Tel: 65. 3334533 Fax: 65. 3334133
Email: giri @
symbols .
com .
sg
========================
===================
--- End Message ---
|
|
