09-23-2004 11:17 PM - edited 03-09-2019 08:53 AM
This is just a general question to which I would a simple yes or no will suffice:
Company has a Web server on a single DMZ.
External customers process orders via Internet on this server.
The Server, however, must pass all information back to Oracle servers on company LAN. This Oracle traffic is ported through the firewall.
IS this a 'best practice'? or should it be redesigned?
many thanks for any comments.
Will provide further info if need be.
cheers
Steve
09-24-2004 02:53 AM
It is normal and in fact recommended to isolate the web interface layer from the application and database layers and i believe this is exactly what is happening in the case you mentioned. The only thing to ensure is that only the webserver in the DMZ is allowed to talk to the application servers and/or database servers (depends on the architecture of your application) and only on the required ports. Some security deployments place the database servers behind their own dedicated firewall(s) as databases are considered to be the most critical component of an application deployment these days, especially the Ecommerce apps.
At this point i will recommed going through the 'Ecommerce/Data Center Module' portion of the following Cisco article. I hope this will explain things in a little more detail:
01-21-2010 12:06 AM
My question is What is better in terms of security for this ecommerce server:
Server with single NIC which will take traffic from the outside to the server and form the server to inside
or install a second NIC that will pass only traffic
to inside thru a separate private dmz on the same firewall? Or there is no difference?
06-16-2015 11:01 PM
I think it can be solved without redesigning. Anyways, thanks for sharing the nice piece of information with us. eCommerce business is increasing with the passage of time because it has many advantages like time and money saving. Apart from, it has become the most authentic way of online earning but this is not an easy job. Lot of experience, patience and hardworking is required to get success in this business. I have also developed an eCommerce site on CMS by Magento Development Company ileaddigital.com/services/web-design/ecommerce-web-development. There are some major areas of ecommerce: Advertising as a way to attract user attention to commercial sites (Internet spread around the world, the location of the seller and the buyer does not matter, but to draw attention to more complicated than using traditional advertising in ordinary life).
10-05-2024 09:54 AM
Hi Steve,
While it's common to have web servers on a DMZ for security reasons, best practices would generally recommend limiting direct traffic between the DMZ and the internal LAN. Instead, a middle-tier approach, such as using an application server or a dedicated firewall rule to secure the database connection, can be a safer design.
If you're looking to redesign your eCommerce system and improve its security while ensuring it runs smoothly, feel free to check out some recommendations and tips on Wifey Beauty, where we cover different aspects of both beauty and tech solutions for small businesses!
Hope that helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide