Application Servers in DMZ vs putting them internal and using ISA in a DMZ

We have a vendor that wants us to put an application server in our DMZ that is a web server for information kept internal in a database.  They want the application server in the DMZ to be part of our AD domain, and they want a bunch of ports along with SQL ports open between it and the internal servers.

In my mind, given these requirements, wouldn't it be better to just put the application server on the inside, and use an ISA server in the DMZ to interface with the public side?

I just feel that if a server needs to be part of an AD domain and needs many ports open, there isn't much benefit at that point to have it in a DMZ.  

Just looking for opinions.
Asked by: jpletcher1
Keith Alabaster (Enterprise Architect) commented:
Yes - absolutely, although ISA is now out of mainstream support and TMG has replaced it.
Bruno PACI (IT Consultant) commented:
Hi,

Publishing the application server through a reverse proxy like TMG is a better idea, but only if the reverse proxy (TMG, ISA or anything else) makes some security checks...

If your reverse proxy is configured to transmit any incoming request to the internal server, then there is no security provided!

Your reverse proxy should authenticate users, as an example... Or filter suspicious HTML requests, or both.

The important thing is that any incoming request never reaches the internal server without being authenticated and checked by your reverse proxy.

Done this way, if someone outside tries to attack the application, the reverse proxy may fall but not the application server.

Have a good day.
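A sketch of the "authenticate and check before forwarding" rule from the answer above, as an added example that is not part of the original thread and is not TMG or ISA configuration. The token format, the `SECRET` key, the published paths and the request dictionaries are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"      # assumption: known only to the proxy
PUBLISHED = {("GET", "/app/report"), ("POST", "/app/search")}  # hypothetical
MAX_BODY = 4096                       # hypothetical request size limit

def _sign(user, expires):
    msg = f"{user}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(user, ttl=900, now=None):
    """Session token the proxy hands out after a successful login."""
    expires = int(time.time() if now is None else now) + ttl
    return f"{user}|{expires}|{_sign(user, expires)}"

def authenticate(token, now=None):
    """Return the user name for a valid, unexpired token, else None."""
    try:
        user, expires, mac = token.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):
        return None                   # missing or malformed token
    if not hmac.compare_digest(mac.encode(), _sign(user, expires).encode()):
        return None                   # forged or tampered token
    if expires < (time.time() if now is None else now):
        return None                   # expired session
    return user

def gate(request, now=None):
    """Proxy decision: ('forward', user) or ('reject', reason).

    Deny by default: nothing reaches the internal server unless the
    request is authenticated AND targets a published method and path.
    """
    user = authenticate(request.get("token"), now)
    if user is None:
        return ("reject", "unauthenticated")
    if (request.get("method"), request.get("path")) not in PUBLISHED:
        return ("reject", "path not published")
    if len(request.get("body", b"")) > MAX_BODY:
        return ("reject", "body too large")
    return ("forward", user)
```

Only requests for which `gate` returns `forward` would be relayed to the internal application server; every rejection is answered by the proxy itself.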
jpletcher1 (Author) commented:
Thanks for the info, guys.