Using a Two-Firewall Configuration

In this configuration, one firewall separates the Internet from the Web servers, and the second firewall separates the Web servers from the internal network, which contains the database servers and the Commerce Server Business Desk computers. For a figure showing a two-firewall configuration, see Small Site Configuration.

Advantages of the two-firewall solution include the following:

  • The system administrator is able to separate the internal network from the Web servers and Internet browsers. Site management is carried out outside the ISP network, on the internal network. The internal network becomes much more difficult for an intruder to access.

  • A second layer of protection shields the database servers from vulnerabilities that do not depend on the relationship between the Web servers and the database servers. Such vulnerabilities can result in denial-of-service attacks.

  • The number of computers that are accessible to Internet browsers is minimized. By using two firewalls, it is more difficult to disrupt or abuse the database servers and the Business Desk server.

  • Business Desk does not have to run over HTTPS (Hypertext Transfer Protocol Secure), because the Business Desk client and server computers are on the same network.

  • Communication between Business Desk and the database servers does not have to be encrypted because the communication never goes over a public network.

  • It is easier to prevent an Internet browser from impersonating an authorized user. For example, a Web server can be told to listen only for database server requests from one specific IP address. Because both connections are controlled with a firewall, these addresses cannot be used improperly.

  • The Web servers are separated physically from the other networks, thereby limiting intrusions into the site. If someone is able to exploit any server that is accessible publicly, they do not have direct access to the internal network.

Disadvantages of the two-firewall solution include the following:

  • It is more difficult and costly to maintain two firewalls with different configurations.

  • Communication between Web servers and database servers is unprotected within the ISP network. Additional security is needed to protect this communication.

  • The internal corporate network depends on the Web site's network for its Internet connectivity. If the Web site has network problems, the internal network can lose connectivity. You should provide a separate network line to connect internal network computers to the Internet, bypassing the ISP network. This separate connection would also bypass the firewall separating the ISP network from the internal network.

  • Any traffic that is allowed between the internal network and the Internet is also allowed between the ISP network and the Internet and between the database-server network and the Internet. The security ramifications are determined by which protocols your default security policy allows.
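The following is an added example, not code from the Commerce Server documentation, that models the two-firewall policy described in the advantages and disadvantages above as a small packet-filter simulation. All addresses, host names and ports (the 203.0.113.0/24 ISP network, the 10.0.0.0/16 internal network, the Web server, database server and Business Desk addresses, and the use of TCP 1433 for the database) are constructed assumptions. Each firewall applies first-match-wins rules with a default deny, and a packet must be accepted by every firewall on its path. The checks at the bottom show that the database server is unreachable from the Internet, that a compromised Web server cannot reach the Business Desk computer, and, illustrating the last disadvantage, that any Internet access the outer firewall grants to the internal network is equally available to hosts on the ISP network.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import FrozenSet, List, Optional, Union

# Constructed sample addressing (assumed for this example, not from the documentation).
ISP_NET = ip_network("203.0.113.0/24")      # Web servers, between the two firewalls
INTERNAL_NET = ip_network("10.0.0.0/16")    # database servers and Business Desk
WEB_SERVER = ip_network("203.0.113.10/32")
DB_SERVER = ip_network("10.0.1.20/32")
BUSINESS_DESK = ip_network("10.0.2.30/32")
WEB_PORTS = frozenset({80, 443})
DB_PORT = frozenset({1433})                 # assumed SQL Server port


def zone(addr: str) -> str:
    """Map an address to one of the three networks in the diagram."""
    a = ip_address(addr)
    if a in INTERNAL_NET:
        return "internal"
    if a in ISP_NET:
        return "isp"
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    # src/dst are "inside"/"outside" relative to the firewall, or a specific network.
    src: Union[str, IPv4Network]
    dst: Union[str, IPv4Network]
    dports: Optional[FrozenSet[int]]        # None means any port
    action: str


@dataclass
class Firewall:
    name: str
    inside: FrozenSet[str]                  # zones on the protected side
    rules: List[Rule]

    def _match(self, spec: Union[str, IPv4Network], addr: str) -> bool:
        if spec == "inside":
            return zone(addr) in self.inside
        if spec == "outside":
            return zone(addr) not in self.inside
        return ip_address(addr) in spec

    def decide(self, pkt: Packet) -> str:
        """First matching rule wins; anything unmatched is dropped."""
        for r in self.rules:
            if (self._match(r.src, pkt.src) and self._match(r.dst, pkt.dst)
                    and (r.dports is None or pkt.dport in r.dports)):
                return r.action
        return "deny"


# Outer firewall: Internet on one side, ISP network and internal network behind it.
FW1 = Firewall("fw1", frozenset({"isp", "internal"}), [
    Rule("outside", WEB_SERVER, WEB_PORTS, "allow"),   # the public Web site
    Rule("inside", "outside", WEB_PORTS, "allow"),     # browsing out to the Internet
])
# Inner firewall: only the internal network is behind it.
FW2 = Firewall("fw2", frozenset({"internal"}), [
    Rule(WEB_SERVER, DB_SERVER, DB_PORT, "allow"),     # only the Web server's address
    Rule("inside", "outside", None, "allow"),          # site management from inside
])

# Firewalls crossed, in order, for each source/destination zone pair.
PATH = {
    ("internet", "isp"): [FW1], ("isp", "internet"): [FW1],
    ("isp", "internal"): [FW2], ("internal", "isp"): [FW2],
    ("internet", "internal"): [FW1, FW2], ("internal", "internet"): [FW2, FW1],
}


def evaluate(src: str, dst: str, dport: int) -> str:
    """Return 'allow' or 'deny@<firewall>' for a TCP connection attempt."""
    pkt = Packet(src, dst, dport)
    for fw in PATH.get((zone(src), zone(dst)), []):   # same zone: no firewall crossed
        if fw.decide(pkt) != "allow":
            return f"deny@{fw.name}"
    return "allow"


if __name__ == "__main__":
    client = "198.51.100.7"                            # constructed Internet address
    print("Internet -> Web 443:", evaluate(client, "203.0.113.10", 443))
    print("Internet -> DB 1433:", evaluate(client, "10.0.1.20", 1433))
    print("Web -> DB 1433:", evaluate("203.0.113.10", "10.0.1.20", 1433))
    print("Web -> Business Desk 445:", evaluate("203.0.113.10", "10.0.2.30", 445))
    print("Internal -> Internet 443:", evaluate("10.0.2.30", client, 443))
    print("ISP host -> Internet 443:", evaluate("203.0.113.11", client, 443))
```

The zone-relative "inside" and "outside" rule sources are what make the last disadvantage visible: the outer firewall cannot tell internal hosts from ISP-network hosts except by address, so a rule written for "everything behind me" applies to both. Tightening it to a source network of INTERNAL_NET would close that gap at the cost of the firewall needing to trust addresses that arrive through the ISP network.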
