w2k3 server hooked to the www


Hi All,

   I have a customer who I have safely tucked behind
iptables.  She has a w2k3 server running an M$ SQL
based administrative program on it.  The firewall
accepts no SYN packets.  All is fine.

   But, now she wants a second w2k3 server that
needs to talk to the first w2k3 server AND is open
to the web.  The idea is that users (about 5000
of them) can remotely log into the second w2k3 server
and do maintenance on their records.  The second
w2k3 server will also have a credit card payment system as
well.  Neither server uses any open source products:
only M$ products.

   Now I am freaking out.   I am thinking that all I reasonably
can do is to forward http and https packets to the second server
and install obnoxious passwords on every computer.  Maybe
install a third nic in the firewall and only allow M$ SQL traffic
to enter the local network?

   Anyone have any advice/recommendations?  

Many thanks,

Re: w2k3 server hooked to the www

ToddAndMargo@gbis.com wrote:

So your customer wants to run an e-commerce application from an
intranet.  What you should do is put her boxes on their own network
segment and firewall it so it has no access to any other segment (i.e.,
the rest of the intranet).  If required, other boxes on the intranet
could initiate communication with the new e-commerce DMZ.

The other thing to think about is legal liability in the case of a
breach of the e-commerce servers.  Who's liable for the e-commerce
servers, you or your customer?  Who's liable for the other customers if
their boxes get hacked from a rooted e-commerce server?  If this is a
contract service situation, it might be time for a contract amendment.
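An added example, not part of either post, showing what the reply's design looks like on the Linux firewall the original poster already runs: a third NIC for the new segment, HTTP/HTTPS forwarded only to the public-facing w2k3 box, the LAN allowed to initiate into the DMZ but the DMZ allowed to initiate nothing toward the LAN, with the single MS SQL exception the poster floats kept behind a switch so it can be turned off. Interface names, addresses, the outbound-HTTPS allowance for the payment gateway and TCP/1433 for MS SQL are assumptions for the example; the script emits the rules as text so they can be reviewed before being loaded as root.

```shell
#!/bin/sh
# Three-NIC iptables firewall with an e-commerce DMZ (example, not the poster's config).
#   eth0 = Internet, eth1 = existing LAN (MS SQL box), eth2 = new DMZ segment.
# Interface names, addresses and port 1433 for MS SQL are assumptions; addresses
# use RFC 1918 / RFC 5737 example space.
WAN_IF=eth0; LAN_IF=eth1; DMZ_IF=eth2
WAN_IP=203.0.113.5            # firewall's public address (example)
LAN_NET=192.168.1.0/24
SQL_HOST=192.168.1.10         # first w2k3 server (MS SQL), stays on the LAN
DMZ_NET=192.168.2.0/24
ECOM_HOST=192.168.2.10        # second w2k3 server, the only box reachable from the web

# Emit each rule as text instead of executing it, so the whole ruleset can be
# read (or diffed against the running config) before it is loaded.
rule() { printf 'iptables %s\n' "$*"; }

# dmz_ruleset [allow_sql]
#   allow_sql=0 : strict DMZ, the DMZ may never initiate anything toward the LAN.
#   allow_sql=1 : the one narrow exception asked about: ECOM_HOST -> SQL_HOST, TCP/1433.
dmz_ruleset() {
  allow_sql=${1:-0}
  printf 'sysctl -w net.ipv4.ip_forward=1\n'
  rule -F; rule -t nat -F
  rule -P INPUT DROP          # the firewall itself accepts no new connections...
  rule -P FORWARD DROP        # ...and forwards nothing that is not listed below
  rule -P OUTPUT ACCEPT

  # Replies belonging to connections that were already permitted.
  rule -A INPUT -i lo -j ACCEPT
  rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Packets conntrack cannot classify never get to the allow rules.
  rule -A FORWARD -m conntrack --ctstate INVALID -j DROP

  # Internet -> DMZ: only HTTP/HTTPS, only to the e-commerce host.
  rule -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp -m multiport --dports 80,443 \
       -j DNAT --to-destination "$ECOM_HOST"
  rule -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$ECOM_HOST" -p tcp -m multiport --dports 80,443 \
       -m conntrack --ctstate NEW -j ACCEPT

  # LAN -> DMZ: the LAN may initiate into the DMZ (administration), never the reverse.
  rule -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -d "$DMZ_NET" -m conntrack --ctstate NEW -j ACCEPT

  # DMZ -> LAN: nothing at all, unless the MS SQL exception is switched on.
  if [ "$allow_sql" -eq 1 ]; then
    rule -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -s "$ECOM_HOST" -d "$SQL_HOST" -p tcp --dport 1433 \
         -m conntrack --ctstate NEW -j ACCEPT
  fi

  # DMZ -> Internet: outbound HTTPS from the e-commerce host only (assumed to be
  # needed for the payment gateway); anything else leaving the DMZ is logged,
  # then dropped by the FORWARD policy.
  rule -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$ECOM_HOST" -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
  rule -A FORWARD -i "$DMZ_IF" -m limit --limit 5/min -j LOG --log-prefix '"DMZ-DROP: "'

  # LAN -> Internet, source-NATed to the firewall's public address.
  rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
  rule -t nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"
}

# Usage: generate, read, then load on the firewall as root.
#   sh dmz-fw.sh 0 > rules.sh && less rules.sh && sh rules.sh
case "$0" in *dmz-fw.sh) dmz_ruleset "${1:-0}" ;; esac
```

The point of the two modes is the reply's rule that a rooted DMZ box must not be able to reach the intranet: with `allow_sql=0` there is no rule at all from eth2 to eth1, and even with the exception on, the only thing the e-commerce host can open toward the LAN is one TCP port on one host. Everything else the DMZ tries is logged under the `DMZ-DROP:` prefix, which is also the first place to look after a compromise.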
