I need some advice on network and web security. I am new to security. I have 2 servers: one is a web server, which also contains an SQL server (I know this is insecure in itself). I also have a file and print server. Both of these are on the LAN. We have a DSL line with a gateway open for HTTP and mail, for outside users to access the website and for us to send and receive mail.
I have been told that the web server should be placed in a DMZ and that the SQL server should be moved from the web server.
However, I need a detailed explanation (in plain English) of how I go about doing this... software and hardware requirements along with configuration settings. Also, what are my options... I mean, if it is not feasible for me to buy a new server for the SQL, what other ways can I go about securing the two servers that I have?
Can anybody help me?