Server on DMZ, or behind firewall?

[heli423]

The situation:

Need to set up a method of accessing a web server, which may be running Lotus Notes server as well.

How could I set this up so that users can access their email or web pages from any internet-enabled access point, and have a reasonable level of security in doing so? (it's not government secrets - just business business correspondences)

I've thought about setting it up on the DMZ, but that seems too exposed. There are only about 15 users at this company, but the need to have a solution in this regard is paramount.

They are currently set up on DSL using a Cisco router (800 series)using static IP's in 10.x

I'd appreciate anyone's take on this -

 

[yizhar]

HI.

You can purchase a PIX 515 firewall with 3 interfaces:
outside
dmz
inside

That way the server is placed in the DMZ, is protected by the firewall and also the inside network is protected from the server.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[heli423]

Thank you Yizhar -

I appreciate the information -

 

[havanajoe]

What are they trying to acess on the webserver? It seems odd to have a webserver sitting in your dmz that is also running your company's Notes server, not real secure. What about setting up a VPN tunnel so that they can access everything from an internal standpoint?

If the webserver is just that then I would suggest having a standalone webserver in the dmz with port 80 open and then having a seperate box internal running your Notes server. From a security standpoint if your web/notes server is in the DMZ and it's compromised then everything is at risk, business information, contact information, way too much information for the general public. Anyways, my thoughts if it matters. :>)