RE: Website inside or outside domain

From: KEITH KOOYMAN (pcsolutions101@hotmail.com)
Date: 02/12/03

    From: "KEITH KOOYMAN" <pcsolutions101@hotmail.com>
    To: focus-ms@securityfocus.com
    Date: Wed, 12 Feb 2003 14:00:05 -0700
    
    

    As I have followed this thread I have noticed that no one has addressed the
    similarities between this situation and OWA. Essentially, this is much the
    same scenario, where a public web server is in the DMZ and the question is:
    How do I allow access to the back-end Exchange Server?

    You can:
    1. Put a firewall between the DMZ and the LAN (many firewalls have a
    preconfigured DMZ so a second firewall is not needed) and open up so many
    ports from the DMZ to the LAN that the firewall is useless = the official
    Microsoft solution
    2. You can leave the front-end in the DMZ and use pass-through
    authentication which takes web traffic straight to your back-end = not
    desirable
    3. Multi-home the front-end public web server, use TCP/IP filters, IPSEC
    and firewall rules to filter, authenticate and encrypt traffic going to the
    back-end; a good idea but time consuming and difficult to set up
    4. Move the front-end public web server to the LAN = not desirable
    5. Use a third party hybrid solution = expensive

    Does anyone else have a take on this Exchange point of view on the public
    web server?

    KC
