DMZ's

By mandms7
Well, I got absolutely no response from my earlier post, so I thought I'd try again.

We are going to be implementing a new in-house online banking platform. It will incorporate several different servers (webserver, database server, middleware server). I need to determine a secure method for incorporating this into our network, and I have some questions:

1) How many DMZs do you think I should have? The webserver will go into one, but should the database servers and middleware servers go into the same DMZ or go into their own DMZs? Or do I just put the database and middleware servers into our internal LAN?

2) The webserver will need to communicate with a core processing server that resides on our internal LAN. Is there any miracle solution to allow this communication to occur other than opening ports on the firewall?

3) How do you normally handle Windows domain membership for servers that are in a DMZ? Do you make them part of your internal network's domain, have them be in their own domain, or leave all of them in a workgroup?

4) Not necessarily related to the above questions, but how do you generally determine how many DMZs to have on your network? Any particular reason you wouldn't want to put a number of unrelated servers in a DMZ to minimize the number of DMZs you need?

Thanks for your assistance!

A question of opinion

by fregeus In reply to DMZ's

What you are asking for depends on many factors. Most important is how much risk your institution is willing to live with.

Who are your customers? What kind of link are they using to get to your services? What kind of authentication do you want to use? What kind of encryption will you be using? Etc., etc., etc.

The answer to these questions and more will help you determine if you need one, two or more DMZs. Without that information, my answer can only be judged as pure speculation.

But here goes anyways. Since you said this is going to be an in-house banking platform, I would personally use two DMZs. One for the web server and one for the middleware. The DB can be internal. I strongly recommend that you keep a firewall between your middleware and your internal system. There is no miracle solution here. Open ports on the firewall. It's really not that hard to do. Windows domains or workgroups should be restricted to the zones they occupy and SHOULD NOT be aware in any way of other domains or workgroups but their own.

How do you determine how many DMZs you should have? It all depends on how secure you want your data to be and how much money you are able to spend.

Good luck.
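The layout suggested in the reply above (web DMZ, middleware DMZ, internal DB behind a firewall), modeled as a default-deny rule set with a check for rules that bypass a tier. This is an added example, not part of the original thread; the zone names, port numbers and function names are assumptions chosen for illustration.

```python
from collections import deque

# Zones ordered from least to most trusted (names are assumed labels).
ZONES = ["internet", "dmz_web", "dmz_mw", "internal"]

# Default deny: only these (src, dst, port) flows are opened on the firewalls.
# Ports are constructed sample values, not taken from the thread.
RULES = {
    ("internet", "dmz_web", 443),   # customers -> web server
    ("dmz_web", "dmz_mw", 8443),    # web server -> middleware
    ("dmz_mw", "internal", 1433),   # middleware -> internal DB / core system
}

def is_allowed(rules, src, dst, port):
    """A flow passes only if a rule opens it explicitly."""
    return (src, dst, port) in rules

def tier_skips(rules):
    """Return inbound rules that jump over a zone, e.g. dmz_web -> internal."""
    rank = {zone: i for i, zone in enumerate(ZONES)}
    return sorted(r for r in rules if rank[r[1]] - rank[r[0]] > 1)

def hops_to(rules, target, start="internet"):
    """Fewest firewall crossings from start to target, or None if unreachable."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        zone, dist = queue.popleft()
        if zone == target:
            return dist
        for src, dst, _port in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, dist + 1))
    return None

if __name__ == "__main__":
    print("baseline:", tier_skips(RULES), hops_to(RULES, "internal"))
    # A shortcut rule letting the web server talk straight to the internal LAN.
    shortcut = RULES | {("dmz_web", "internal", 1433)}
    print("shortcut:", tier_skips(shortcut), hops_to(shortcut, "internal"))
```

Running the audit on every proposed rule change shows when a new opening removes the middleware firewall from the path between the internet and the internal LAN.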
