Fact

Farm of servers connected to internet behind firewall security risk

Security-wise, what is the risk to a farm of servers (database or application), UNIX or Microsoft OS, if I connect them to the internet behind a firewall (PIX or else) on the internal interface, with an access list denying all traffic from anywhere except one internet user on the DMZ? What about viruses, worms, etc.? Is there any advice or recommendation? What can I do on the main point of access (internet router) as a first step for defense?
ASKER CERTIFIED SOLUTION
Dave Howe
ViRoy



Very good job so far!
That's exactly what any CISSP would do.
Now you should beef up the security and customize it to specific usage needs on the network.

To do this I would start by implementing an IDS to complement the DMZ. The DMZ can be a single point of failure; maybe a padded cell system would be the best with your IDS to prevent complete lockout. It will also be very helpful in providing tangible evidence in case of legal issues.

Oh, and try to stay up to date with the latest security patches... I can't count the number of times super robust networks have been clobbered by a simple exploit that had a patch available.
As a matter of fact, that super slammer worm is a great example; that even caused airplane flight cancellations!
This question has been classified as abandoned.  I will make a recommendation to the moderators on its resolution in approximately one week.  I would appreciate any comments by the experts that would help me in making a recommendation.

It is assumed that any participant not responding to this request is no longer interested in its final deposition.

If the asker does not know how to close the question, the options are here:
https://www.experts-exchange.com/help.jsp#hs5

zenlion420
EE Page Editor