cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2124
Views
0
Helpful
4
Replies

Web Ecommerce server on DMZ

steve
Level 1
Level 1

This is just a general question to which I would a simple yes or no will suffice:

Company has a Web server on a single DMZ.

External customers process orders via Internet on this server.

The Server, however, must pass all information back to Oracle servers on company LAN. This Oracle traffic is ported through the firewall.

IS this a 'best practice'? or should it be redesigned?

many thanks for any comments.

Will provide further info if need be.

cheers

Steve

4 Replies 4

a.awan
Level 4
Level 4

It is normal and in fact recommended to isolate the web interface layer from the application and database layers and i believe this is exactly what is happening in the case you mentioned. The only thing to ensure is that only the webserver in the DMZ is allowed to talk to the application servers and/or database servers (depends on the architecture of your application) and only on the required ports. Some security deployments place the database servers behind their own dedicated firewall(s) as databases are considered to be the most critical component of an application deployment these days, especially the Ecommerce apps.

At this point i will recommed going through the 'Ecommerce/Data Center Module' portion of the following Cisco article. I hope this will explain things in a little more detail:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b6.shtml#wp42742

My question is What is better in terms of security for this ecommerce server:
Server with single NIC which will take traffic from the outside to the server and form the server to inside
or install a second NIC that will pass only traffic
to inside thru a separate private dmz on the same firewall? Or there is no difference?

edwardmuphy
Level 1
Level 1

I think it can be solved without redesigning. Anyways, thanks for sharing the nice piece of information with us. eCommerce business is increasing with the passage of time because it has many advantages like time and money saving. Apart from, it has become the most authentic way of online earning but this is not an easy job. Lot of experience, patience and hardworking is required to get success in this business. I have also developed an eCommerce site on CMS by Magento Development Company ileaddigital.com/services/web-design/ecommerce-web-development. There are some major areas of ecommerce: Advertising as a way to attract user attention to commercial sites (Internet spread around the world, the location of the seller and the buyer does not matter, but to draw attention to more complicated than using traditional advertising in ordinary life).

coleman788
Level 1
Level 1

Hi Steve,

While it's common to have web servers on a DMZ for security reasons, best practices would generally recommend limiting direct traffic between the DMZ and the internal LAN. Instead, a middle-tier approach, such as using an application server or a dedicated firewall rule to secure the database connection, can be a safer design.

If you're looking to redesign your eCommerce system and improve its security while ensuring it runs smoothly, feel free to check out some recommendations and tips on Wifey Beauty, where we cover different aspects of both beauty and tech solutions for small businesses!

Hope that helps