Hi
I am in need of some education - I've searched Google & can't quite find the answer that a knowledgeable person would be able to give in 5 seconds.
I am setting up a network that must be PCI compliant. So - the db must be in a zone not accessible to the internet.
For the sake of simplicity - let's say there are 2 servers behind a firewall (Cisco ASA)
Server1 - Public IP --> Maps to Internal IP 192.168.30.1 - Ports 80, 443 open (Web Server)
Server 2 - Public IP --> Maps to Internal IP 192.168.30.2 - All ports closed (Db Server)
Both servers also have a software firewall - where the Remote Desktop port (3389) is open, and Server 2 has SQL port 1433 open
Both servers are accessible by remote desktop if connected to VPN first.
So - my question is - is the above a DMZ zone (Server1) with Server2 in a private LAN? Is that a typical PCI compliant setup, or is it way off base? Server2 is still technically connected to the internet but the FW blocks any traffic, but after VPN connection you are behind the FW and can connect so long as the software FW doesn't block it.
Thanks!