rana izzat wrote:please look at the pdf.
http://www.sans.org/reading_room/whitepapers/firewalls/designing-dmz_950
Good article. I suppose the main conclusion from a
Java EE perspective is that you are best of having two firewalls. One in front of the DMZ and one behind.
Where the DMX is the Webserver.
What would you do if you had a web centric architecture with no database or any other machines. Just one webserver?
I suppose you would just one firewall. Is the webserver technically still in the DMZ?
Thanks