Re: DMZ Novice

Tech-Archive recommends: Speed Up your PC by fixing your registry

"Neil Jordan" <Neil.Jordan@xxxxxxxxxxxxx> wrote in message
news:uGZ%23z5lBIHA.5196@xxxxxxxxxxxxxxxxxxxxxxx
So if a DMZ isn't the right setup, what is?

By saying grab, it was my programmer speak for grabbing it and using it in
my asp pages that I invisaged running on IIS on the server in the DMZ,
serving the remote users.

Sorry, I understand. I'm just trying to paint the correct picture.

The ASP site is fine. You can run it from a DMZ but you can just as easily
run it behind the ISA on the LAN and publish it through the ISA. The one
advantage of having it on the DMZ would be that if someone "took control"
of the machine they would still be off the LAN. But that probably isn't the
biggest threat. The biggest threat is against the SQL Server using SQL
Injection where flaws in the ASP Site's design allow the web site to become
the "hackers tool" against the SQL Server,...and a DMZ won't stop
that,...worse yet, this being SBS the SQL Server is also the Domain
controller,...so is IIS and ISA for that matter.

So you can do it either way, B2B DMZ, Tri-Homed DMZ, or no DMZ,...but my
main point is really that if your applications has flaws the DMZ is not
going to help. The DMZ only protects in limited ways for certain things.
Most all of your security rests on how well you built the Application.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


.

Relevant Pages

  • Re: Where do I put Exchange Server?
    ... I'm not sure of OWA can be front-ended by a lone IIS server; again, the DMZ ... isn't the right place for it with ISA 2000. ... > its internal network only. ...
    (microsoft.public.isa.configuration)
  • Re: Netzschema
    ... Wir verfolgen seit ISA 2000 den Ansatz ohne DMZ und haben jeweils auf der Internet- als auch auf der LAN-Seite Snort Sensoren. ... Stell doch deinen OWA Server in die Domain und publishe SMTP und OWA durch den ISA Server. ...
    (microsoft.public.de.german.isaserver)
  • [fw-wiz] Exchange 2003 OWA compromise reached
    ... Thanks to all for your answers to my questions regarding Exchange 2003 OWA. ... Since we also want to move our ftp server onto a separate DMZ away from our ... we will attach the Microsoft ISA server outside interface to the ...
    (Firewall-Wizards)
  • Re: Where do I put Exchange Server?
    ... DMZ in ISA Server 2004? ... Speaking of ISA Server 2004, I saw some screen shots of it. ... > its internal network only. ...
    (microsoft.public.isa.configuration)
  • Re: Best Practices for exposing Exchange to web
    ... You suggest setting up a ISA server in the DMZ so I have a few questions. ... >>We are in the process of migrating to Exchange server and I am ...
    (microsoft.public.exchange.admin)