RE: Exchange in the DMZ
From: John Munyan (johnm@attrition.ws)
Date: 11/26/02
Date: Tue, 26 Nov 2002 11:48:13 -0800
From: "John Munyan" <johnm@attrition.ws>
To: "Jack Lyons" <jack.lyons@martinagency.com>, "Dean Pullen" <deanpullen@yahoo.com>, <focus-ms@lists.securityfocus.com>

I agree with Jack. If possible put the FE in the LAN. I would argue
the ease of administration more than makes up for any security concerns.

If you put the E2K FE in the DMZ a hole will need to be cut for it to
communicate with DCs and GC in the LAN. If someone jacks the FE box
then they will have immediate access to your AD.

If you put the FE in the LAN the communications issues with the DCs are
not an issue. And the only public access to the FE box in this scenario
would/could be port 443 if desired.

It is just a simpler solution to put the FE in the LAN rather than in
the DMZ. I don't think there is much benefit to putting the FE in the
DMZ.

Regards,
John

-----Original Message-----
From: Jack Lyons [mailto:jack.lyons@martinagency.com]
Sent: Tuesday, November 26, 2002 5:57 AM
To: 'Dean Pullen'; focus-ms@lists.securityfocus.com
Subject: RE: Exchange in the DMZ
My first question is why do you have to have it in the DMZ, but it seems you
were being told to put it in the DMZ.

Can you show us the URLs you referenced in setting this up?

I assume you are running Exchange 2000 on Windows 2000 in an AD Domain?

What exactly is your front-end? Is it the Outlook clients or is it Outlook
Web Access?

Not sure what you mean by this:

'I mean all I am trying at the moment is to connect to our internal Domain
by accessing the network ID in the My Computer properties and trying typing
in the Domain.'

Are you using a computer in the DMZ running Windows 2000 Professional and
trying to log in to your Active Directory Domain?

Jack

-----Original Message-----
From: Dean Pullen [mailto:deanpullen@yahoo.com]
Sent: Saturday, November 23, 2002 6:01 AM
To: focus-ms@lists.securityfocus.com
Subject: Exchange in the DMZ
Hi guys,
I've basically been told that we require an Exchange
system operated within our DMZ setup. After much
reading I've decided to go for a front-end, back-end
Exchange system, with the Exchange front-end in the DMZ
and the back-end in the LAN. However, even though I've
opened up all the ports specified in MS' white papers
between the DMZ and LAN, I cannot connect to the
domain/active directory from the Front-End server. How
do I go about this? I mean all I am trying at the
moment is to connect to our internal Domain by
accessing the network ID in the My Computer properties
and trying typing in the Domain. Do I have to do
anything else?! Sorry for my amateurishness(!) but
we're a small firm and cannot afford a fully-fledged
exchange specialist, thus I'm doing it!
Thanks in advance.
Dean Pullen.