
Hosting security



Guest Monkey
Posted

At present we host our own web servers in a hosting centre. The web servers are on a workgroup with a Cisco firewall between them and the back-end database servers (SQL). Obviously only the database ports are open on this firewall.

We are in the process of changing all our equipment and I was just wondering if anyone had any opinions on 'best practice' for this sort of environment?

From an admin sort of view, it would be easier if all on same domain and SCOM would work better that way but this would open up our SQL servers to possible attack.

Thanks


Guest S. Pidgorny
Posted

The firewall between the Web server and the database server in a Web hosting scenario doesn't add much security but adds cost. In every attack scenario that doesn't involve the hosting company staff, the first step for compromising your environment is to compromise the Web server, at which stage the mission is pretty much accomplished. The firewall doesn't protect from SQL injection either.

Microsoft's guidance for Web hosting can be found at http://www.microsoft.com/serviceproviders/...ngguidance.mspx. As you can see (http://learn.iis.net/page.aspx/118/sample-architecture-i/), there are no firewalls.

And yes, using a single domain is a good idea, and firewalls separating parts of the domain is not.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

http://sl.mvps.org http://msmvps.com/blogs/sp

 

"Monkey" <Monkey@discussions.microsoft.com> wrote in message news:16124C2C-000F-4EAA-8BEA-9148464D3CF8@microsoft.com...

> At present we host our own web servers in a hosting centre. The web servers
> are on a workgroup with a Cisco firewall between them and the back-end
> database servers (SQL). Obviously only the database ports are open on this
> firewall.
>
> We are in the process of changing all our equipment and I was just wondering
> if anyone had any opinions on 'best practice' for this sort of environment?
>
> From an admin sort of view, it would be easier if all on same domain and
> SCOM would work better that way but this would open up our SQL servers to
> possible attack.
>
> Thanks
