We are planing on deploying a web server (DMZ) which will make calls to a file server on our LAN. We would like to know the best way of securing data between these servers so that the communication and risk associated is minimized. Our original plan was to create a local account (user account) on our file server(on LAN) and have the web server pass these credentials in order to map a network drive which was located on the file server. The only thing that will be allowed between DMZ->LAN are file/print sharing ports (i have to look them up....) The account which will be created on the file server will be part of "users" group and will only have read-access to data on the file server. Please advise on best practice. Refer to image attached for idea of infrastructure setup.