Re: Using with DMZ, etc.
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Mon, 29 Jan 2007 11:27:14 -0600
"Richard" <Richard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7340C7A4-4EB5-4066-AA8A-5F5532602CB6@xxxxxxxxxxxxxxxx
Not sure if this is the right forum so here it goes.
We are moving to regular server from SBS 2003. I would like to know
thoughts about having an FTP server in a DMZ so it would be accessable
from
the Internet. Would that be asking for security trouble?
Anything you expose to the world is an increased security risk, but having
an FTP server is not usually a giant one compared to many other things.
As long as you run a (reasonably) secure system and take good care of the
machine (Hotfixes etc.) it can work safely -- many people do it safely.
(I typically turn my FTP server off when not in active use though, because
we don't need it 24/7 -- note, I would run it if I had too, but don't really
need to do so.)
Also, would the
main server from the internal network replicate AD to the server in the
DMZ?
Almost never.
DCs don't belong on the network except in certain special cases where the
domain itself it used to support users who are out there too -- and only
done
when the admins really understand security fully.
Must better to let your DMZ machines query the DC through an INTERNAL
firewall when they wish to authenticate someone.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
.
- Prev by Date: Re: What computer a user is logged in at
- Next by Date: Re: Help With Security Issue on Windows Server 2003 Shared Drive
- Previous by thread: Re: What computer a user is logged in at
- Next by thread: Re: Using with DMZ, etc.
- Index(es):
Relevant Pages
|
