I need some advice.
My www server resides at the DMZ. Port 80 is already
open for outside public using my WWW server.
My consultant is selling a product, instructed me to install
another IIs server inside and open port 80 from the Pix Firewall(from dmz to inside)so the www server sitting at the DMZ can communicate inside.
I told the consultant to use port 1443 (SQL)which is already open. We currently using sql to communicate inside our
database. He told me that his product will only work using
port 80 to communicate inside the database rather than sql.
As we all know, lots of IIS services are full of holes. Hackers
attacked every corner of the IIs modules.
I am hesitant opening port 80 from dmz to inside.
Suppose my IIS in DMZ has been hacked, then it is very easy
for the hackers to hack to the next IIS (inside).
Can someone tell me the danger of doing this?
Am I compromising my network?
Please explain.
Thanks people
