Hi,

I want to set up a web server (exposed to the internet) for a small company to host the company website. The web server should also be able to connect to the database available in the LAN network to display some data. The design should consider SECURITY with high priority.

I have suggested for a Windows server with two NIC cards which will host the web site. One of it will be connected to the internet though a software firewall and the other to the LAN network. The routing will be diabled between the two network cards. By this an intruder will not be able to access the database in the LAN network nor get into the LAN network.

Do you foresee any problem in this architecture? Is there any other better way to implement the same? Is it very much necessary still to have a hardware firewall?

Your suggestions will be highly appreciated.

Thanks for your time.
Smiles

p.s: Please refer to the block diagram representation in the attached text file

Those 2 really don't match. You would be better with a UNIX system. It should still be able to access the network, as we used to do this at my old work place.

>>>Is it very much necessary still to have a hardware firewall? <<<

The more security the better. I found this out the hard way that software firewalls do not block everything. It cost me 200$ in bandwidth fees because of that mistake

Cheers

Andy (mod)
andy@ultranerds.co.uk

---

Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!

Hi Andy,

I have setup the Win2k server (web server) with miniamal service activated and minimal applications. This would increase the general security of the server.

Apart from this, the server have two network cards with routing disabled between them and software firewall configured on the network card connected to the internet. This would prevent the hacker from getting into the LAN network of the company even if he gets into the Win2K server.

What is your opinion on this?

Smiles

Sounds ok... but I'm no NT expert.. so I couldn't really comment on how secure this would be.

You may also want to consider backup drives... preferably not by just transfering it onto their network. Maybe a DVD-RAM or tape backup drive. You can never be too careful when playing/using computers :(

Cheers

Andy (mod)
andy@ultranerds.co.uk

---

Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!

In terms of security, I'd recommend the following:

1) Hardware firewall running enterprise strength firewall software like Raptor Firewall.

2) Proxy server for sending and receiving requests to your web server.

3) Web server (dual processor)

4) Database server (dual processor)

The two NIC card structure is not as secure as using a combined hardware firewall and proxy server.

OH...in terms of your web server software, you should consider using Apache 2.0, which is more secure and less vulnerable to viruses and worms than Internet Information Server (even with version 6.0, which is supposed to be more secure, but that is the horse talking...M$).
========================================
Buh Bye!

Cheers,
Me