Kevin Touchette wrote:

Ok, here is the rub with the Microsoft evangelists.  The system I in
question has company financial data and other things sitting on it.  We
want their web site and all of their web applications to run on the same
system. So we put another network card in their system and set up the
router to do NAT on the tcp/ip of that machine to an external number,
and only allow port 80 traffic through to that card on the box, then set
up the web server to respond to traffic from that IP address.
 The Microsoft people are saying that it allows for possible hacks
through to our internal network by doing this that it's not standard
protocol for setting up a web server and that there should be a box
outside the firewall that doesn't touch anything inside our network,
then there is "no" chance for company data being compromised.  I.E. put
a windows box that does nothing but runs HTTP and FTP services outside
I think this will be more risky, becuase the windos machine will have access to the data in the System i and if somebody gets access to that machine, he can use it as a bridge to read the System i

our firewall and talks to the system I machines through ODBC or JDBC or
something of that nature.

 What I'm trying to do is have some kind of security justification in
the system I setup, see how other people set up their servers and what
the security risks really are for this kind of set up.  I like this
system I setup because you can host each company's web site on their
system I and not bring down every company's site when you do maintenance
on their system as opposed to hosting all the sites on one Microsoft box
and dropping that box all the time.  I also like the fact that the
database is on the same system.

 I have to justify it because it's cheaper to set up the Microsoft
solution, it's hard to justify a system I that does nothing but serve
static web pages all day.  :)

Kevin Touchette


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].