Web Server and DC to share database

Tags: Access control, Browsers, DataCenter, filtering, Networking, Security, Servers, SSL/TLS, Web security
From what I've read, it is "Best Practice" to keep your web server separate from your AD Domain Controller. What if they need to simultaneously share the database? My local users will be logging in to the AD locally and using an app that accesses a database. No problem. My remote users use a PHP web app to access the database for different reasons but still accessing the same records. Is there a secure way to do this? Thanks in advance!

Answer Wiki


The way we configured our network was to place the publicly accessible server in the DMZ or other secured area. Then you limit comms from the DMZ to the internal network by machine, protocol, etc., with appropriate IDS and log audits. Place the database in the internal network and connect to it from the DMZ server. The key here is to lock down the comms from the DMZ and to audit the logs well.
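
The answer's two controls, pinning DMZ-to-internal traffic by machine and protocol and auditing the logs, can be sketched as an allowlist check over firewall log lines. This is an added example, not part of the original answer; the addresses, the ports (MySQL 3306, LDAPS 636) and the key=value log format are constructed assumptions.

```python
import ipaddress
import re

# Assumed addressing (constructed for this example, not from the thread).
DMZ = ipaddress.ip_network("192.168.1.0/24")
INTERNAL = ipaddress.ip_network("10.10.0.0/16")

# Allowed DMZ -> internal flows, pinned by machine, protocol and port.
ALLOWED = {
    ("192.168.1.10", "10.10.5.20", "TCP", 3306),  # web server -> database (MySQL port assumed)
    ("192.168.1.10", "10.10.5.5", "TCP", 636),    # web server -> DC over LDAPS (assumed)
}

FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines in a key=value style similar to firewall logs.
SAMPLE_LOG = """\
2024-05-01T10:00:01 ACTION=ACCEPT SRC=192.168.1.10 DST=10.10.5.20 PROTO=TCP DPT=3306
2024-05-01T10:00:07 ACTION=DROP SRC=192.168.1.10 DST=10.10.5.5 PROTO=TCP DPT=445
2024-05-01T10:01:12 ACTION=ACCEPT SRC=192.168.1.11 DST=10.10.5.20 PROTO=TCP DPT=3306
2024-05-01T10:02:30 ACTION=ACCEPT SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP DPT=443
2024-05-01T10:03:00 truncated line without fields
"""

def audit(log_text):
    """Return (kind, line) findings for DMZ -> internal flows outside ALLOWED."""
    findings = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            flow = (str(src), str(dst), f["PROTO"].upper(), int(f.get("DPT", 0)))
        except (KeyError, ValueError):
            findings.append(("UNPARSED", line))  # never skip a line silently
            continue
        if src not in DMZ or dst not in INTERNAL or flow in ALLOWED:
            continue
        # ACCEPT means the firewall rule set is looser than the allowlist;
        # DROP means a DMZ host attempted a flow it was never granted.
        kind = "POLICY_GAP" if f.get("ACTION") == "ACCEPT" else "BLOCKED_ATTEMPT"
        findings.append((kind, line))
    return findings

if __name__ == "__main__":
    for kind, line in audit(SAMPLE_LOG):
        print(f"{kind:16} {line}")
```

A POLICY_GAP finding points at a firewall rule to tighten, while a BLOCKED_ATTEMPT from a DMZ host is a lead for the IDS and incident-response side.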

Discuss This Question: 1  Reply

 
  • Larrythethird
    The domain is a very nice LDAP to authenticate against. But that is the only thing that an internet-pointing device should read - and only read - from the inside of your network. We take it a step farther by putting our firewalls and other DMZ devices into a non-routing network, a 192.168.x.y sink net. Put single routes for access through the firewall, 192.168.1.1 255.255.255.255, so nothing else can gain access.