Re: Front-End server question
From: Ed Woodrick (ewoodrick_at_ed-nospam-com.com)
Date: 03/03/05
- Next message: anotheradmin: "Unable to login to exchange 2003"
- Previous message: Ben Winzenz [Exchange MVP]: "Re: TLS, 5.7.0 - far end requires TLS !?"
- In reply to: Al Mulnick: "Re: Front-End server question"
- Next in thread: Michael Mendoza: "Re: Front-End server question"
- Reply: Michael Mendoza: "Re: Front-End server question"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Mar 2005 14:34:01 -0500
DMZs were originally created as an area in which things could terminate, but
not originate. FTP for example is a good example. You stick a FTP server in
the DMZ, people can leave things on it, people could pick things up from it.
But no matter what the situation, no connections can exit the DMZ, which
also means that nothing can transit the DMZ.
So putting a member server in the DMZ pretty well blows any concept of
security that you might have. If the member server gets compromised, then it
has free reign to the intranet, as if the firewall didn't exist at all.
IPSec doesn't do anything to help the situation, just makes people think
that something is secure.
"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message
news:uJtP7gAIFHA.1528@TK2MSFTNGP09.phx.gbl...
>
> Note that *some* would argue that if you had an application layer
> firewall, you wouldn't really need a DMZ. A DMZ would be an archaic
> throwback since it's job is to allow you to cutoff conversation from the
> untrusted to the trusted (soft squishy core). I still see some value in a
> DMZ myself, but just throwing that out there.
>
> Al
>
>
- Next message: anotheradmin: "Unable to login to exchange 2003"
- Previous message: Ben Winzenz [Exchange MVP]: "Re: TLS, 5.7.0 - far end requires TLS !?"
- In reply to: Al Mulnick: "Re: Front-End server question"
- Next in thread: Michael Mendoza: "Re: Front-End server question"
- Reply: Michael Mendoza: "Re: Front-End server question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
