Should have said, "OK, you tell me what you think will happen and then we'll put it to the test. Before we start can you just sign this waiver and have my P45 ready?"
Of course I'd also be inclided to slot a dual-redundant IDS and firewall setup on the outside of that webserver, box the whole lot into an isolated subnet and only allow key internal boxes to be able route into the isolated websvr/dbsvr combo network to perform admin, zero traffic inbound to the primary nets. I'm not a networks bod, just an admin who's fecking paranoid, and dealt with enough pondscum from the internet who will have your webserver compromised in about 60 secs after you've stood it up if you let 'em!
Biting the hand that feeds IT
