09-13-2004 11:14 AM - edited 03-09-2019 08:46 AM
What is the best way to manage a Web Server in a DMZ?
It's best to use just one NIC, and create rules in the PIX or use two NICs on the Web Server, one to be accessed from the outside and the other to be connected directly to the Inside network to permit management.
Thanks
09-14-2004 04:42 AM
I would recommend only using 1 NIC.
This way all connections to the web server are filtered by your PIX's policy. This policy can be applied to inside and outside traffic to your DMZ.
If the server gets compromised, access to your internal network is still filtered by your PIX and hopefully denied. By default all access from a lower security level (dmz) to a higher security level (inside) is denied.
If you have a second NIC on the server connecting directly to your LAN, a would-be attacker, having gained access to your server, could have unfiltered access to your LAN.
Unless of course you had a totally separate management network which also had a firewall on it permitting access from your management station to your web server's secondary interface. Your management server could be managed remotely by a terminal concentrator connected to your production LAN.
Rgds
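The single-NIC design described in the reply above, sketched as a PIX 6.x-style configuration fragment. This is an added example, not configuration from the original posters; every address, the access-list names, the admin station 10.0.0.50 and the choice of SSH for management are assumptions, and outbound NAT for the inside network is left out.

```text
! Constructed example: all addresses and names are placeholders.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0

! Publish the web server's single NIC to the outside, HTTP only.
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside

! Let inside hosts reach the DMZ with their own addresses.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

! Management: only the admin station may open TCP/22 to the web server.
! Everything else from inside to the DMZ is dropped.
access-list inside_in permit tcp host 10.0.0.50 host 172.16.1.10 eq 22
access-list inside_in deny ip any 172.16.1.0 255.255.255.0
access-list inside_in permit ip any any
access-group inside_in in interface inside

! No access-list is bound inbound on the dmz interface, so connections
! started by the web server toward inside (security50 -> security100)
! are denied by default. A second NIC cabled to the LAN would bypass
! every rule in this file.
```

With this layout the only new connections that can reach the inside network from the DMZ are ones an administrator explicitly permits later, which is the property the reply relies on if the server is compromised.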
09-14-2004 06:21 AM
Yes, I agree that will be the best option.
Thanks for your help.