We help IT Professionals succeed at work.

firewall and dmz?

I have an application SchoolPro runs on a server and uses .net to allow the client computers to interact with the appliation. The application SchoolPro runs with a SQL backend and uses no php or SQL in the interaction between Server and Client. I am being told it is safe to poke a hole in the firewall and allow https connections from the internet to this server. I thought of putting the ShoolPro server in a DMZ would be needed to ensure a level of security and damage controll should something be hacked.

What are you thoughts on the security of the proposed setup, why and why not?
Thanks for your thoughts.
Comment
Watch Question

Commented:
Any connection you allow into your network is a risk, putting the server in a DMZ is a good idea really because all it requires is someone to find a bug or fault in that application to gain access to your network. And from the sounds of you would be running this on a server within a school environment anyways so if someone did get into the network you have a few hundred potential bot net computers.

Everything is always safe until they find the bug. Take the apache killer vulnerability that was discovered recently which demonstrated an exploit which could crash all current versions of apache until it was patched.

Best just to be safe and keep it segregated as much as possible.

Author

Commented:
Thanks heaps for your suggestions. I'm still open for any more comments and opinions.
As the previous user said, you definitely want to do the DMZ deployment.  Do you plan on having remote clients connect to the server, I assume with allowing SSL in/out?   You could always add a white-list as well for added security if it's a small number of static connections.   I'm guessing with a school deployment though, these would be student home PCs which would be dynamic IPs.  Not as easy!

Author

Commented:
Thanks for the input. Much appreciated

Explore More ContentExplore courses, solutions, and other research materials related to this topic.