Timeline for Understanding a DMZ with multiple servers
Current License: CC BY-SA 3.0
9 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Jul 29, 2016 at 21:18 | vote | accept | Darragh | | |
| Jul 21, 2016 at 17:52 | comment | added | Darragh | | You are saying that in order to satisfy a definition of DMZ, one side needs to be exposed to the internet? If one side is not public then it cannot be a DMZ? OK, that makes sense. Thanks. |
| Jul 21, 2016 at 6:06 | comment | added | user15194 | | @Darragh if the application server is only reachable by the HTTP server (hence, not exposed to the Internet), that's not a DMZ, just another subnet within the internal network. DMZ = public-facing server. |
| Jul 20, 2016 at 20:51 | comment | added | Darragh | | For example, this is what I mean: applicationarchitecture.files.wordpress.com/2010/03/… |
| Jul 20, 2016 at 7:23 | comment | added | user15194 | | @Darragh I think you still don't understand what a DMZ is. Look up the term in Google (or whatever search engine you use). There is no such thing as "two DMZs". The DMZ is one, the public subnet where servers that are reachable from the Internet are located. |
| Jul 19, 2016 at 21:08 | comment | added | Darragh | | Thanks @ayozint, I am going to have two DMZs, one for each server, and configure the firewall to only allow the web server to communicate with the DB server on a specific port from a specific source IP. |
| Jul 19, 2016 at 7:57 | comment | added | user15194 | | @Darragh of course it may be easier to access the DB if the web server is compromised, because that means the attacker has access to a server in your network, so he can try to jump from that server to the DB. Then again, you need to carefully harden your server so that if the attacker is able to get into your server, he has the least limited privileges. |
| Jul 18, 2016 at 19:55 | comment | added | Darragh | | Thanks for the comment; I am not really looking at this from an application-level vulnerability such as the SQL injection you mention; but yes, I understand about SQL injection. Instead, I am more interested in how the DB is protected as much as possible if the web server is compromised. If the DB and web server are in the same DMZ, an adversary can access the DB more easily when the web server is compromised, so placing the DB also in a DMZ makes this more difficult. |
| Jul 18, 2016 at 7:22 | history | answered | user15194 | CC BY-SA 3.0 | |