Re: Front-End server question


From: Ed Woodrick (ewoodrick_at_ed-nospam-com.com)
Date: 03/03/05

    Date: Thu, 3 Mar 2005 14:34:01 -0500
    
    

    DMZs were originally created as an area in which things could terminate, but
    not originate. FTP for example is a good example. You stick an FTP server in
    the DMZ, people can leave things on it, people could pick things up from it.
    But no matter what the situation, no connections can exit the DMZ, which
    also means that nothing can transit the DMZ.

    So putting a member server in the DMZ pretty well blows any concept of
    security that you might have. If the member server gets compromised, then it
    has free rein to the intranet, as if the firewall didn't exist at all.
    IPSec doesn't do anything to help the situation, just makes people think
    that something is secure.

    "Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message
    news:uJtP7gAIFHA.1528@TK2MSFTNGP09.phx.gbl...
    >
    > Note that *some* would argue that if you had an application layer
    > firewall, you wouldn't really need a DMZ. A DMZ would be an archaic
    > throwback since its job is to allow you to cut off conversation from the
    > untrusted to the trusted (soft squishy core). I still see some value in a
    > DMZ myself, but just throwing that out there.
    >
    > Al
    >
    >
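
The post's rule that a DMZ may terminate connections but never originate them can be checked mechanically against a firewall policy. The following is an added example, not part of the original thread: it assumes a stateful, first-match, zone-based rule list, and the zone names, the `Rule` type and the sample policy are constructed for illustration, with the DMZ-to-internal rules standing in for the Kerberos, LDAP and SMB access a domain member server needs.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str     # zone that initiates the connection
    dst: str     # zone that receives it
    proto: str
    port: str    # string so that "any" can be used
    action: str  # "allow" or "deny"

def covers(earlier, later):
    """True if `earlier` matches every flow that `later` matches."""
    pairs = ((earlier.src, later.src), (earlier.dst, later.dst),
             (earlier.proto, later.proto), (earlier.port, later.port))
    return all(a == ANY or a == b for a, b in pairs)

def dmz_violations(rules, dmz="dmz", trusted="internal"):
    """Effective allow rules that let a host in the DMZ originate a connection."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow" or rule.src not in (dmz, ANY) or rule.dst == dmz:
            continue
        if any(covers(prev, rule) for prev in rules[:i]):
            continue  # never evaluated: an earlier rule already matches (first match wins)
        severity = "CRITICAL" if rule.dst in (trusted, ANY) else "WARN"
        findings.append((severity, rule))
    return findings

# Constructed sample policy, evaluated top to bottom.
POLICY = [
    Rule("internet", "dmz", "tcp", "21", "allow"),    # drop files on the FTP server
    Rule("internal", "dmz", "tcp", "21", "allow"),    # pick files up from inside
    Rule("dmz", "internal", "tcp", "88", "allow"),    # Kerberos to a domain controller
    Rule("dmz", "internal", "tcp", "389", "allow"),   # LDAP to a domain controller
    Rule("dmz", "internal", "tcp", "445", "allow"),   # SMB to a domain controller
    Rule("dmz", "internet", "udp", "53", "allow"),    # outbound DNS
    Rule("dmz", ANY, ANY, ANY, "deny"),               # the post's "nothing exits the DMZ"
    Rule("dmz", "internal", "tcp", "1433", "allow"),  # dead rule, shadowed by the deny
]

if __name__ == "__main__":
    for severity, r in dmz_violations(POLICY):
        print(f"{severity:8} {r.src} -> {r.dst} {r.proto}/{r.port}")
```

The inbound FTP rules produce no finding because they terminate in the DMZ; every rule the member server depends on is reported as CRITICAL because it opens a path from the DMZ into the internal zone.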

