We run a company website on an IIS server. It's located on one of two subnets in our small LAN. Our firewall (Cisco PIX 515E) is equipped with two physical interfaces: one dedicated to the internal office subnet and one dedicated to a DMZ subnet. The webserver is the only computer on the DMZ subnet. This setup was put in place by one of my predecessors, although I'm not sure I understand why.
Can I safely eliminate the DMZ and simply put the webserver on the same subnet as the rest of the equipment? The firewall is already configured to block all ports except the ones we need. If that's the case, it seems unnecessary to continue isolating the webserver in a different subnet. I also see no purpose to using a DMZ, which I would assume would create more risk, not less. Does that seem correct?