RE: Website inside or outside domain

From: Brad Bemis (Brad.Bemis@airborne.com)
Date: 02/13/03

    Date: Wed, 12 Feb 2003 15:53:11 -0800
    From: "Brad Bemis" <Brad.Bemis@airborne.com>
    To: "KEITH KOOYMAN" <pcsolutions101@hotmail.com>, focus-ms@securityfocus.com
    
    


    Microsoft's ISA Server has several features that are supposed to provide
    both security and flexibility for the type of scenario you describe... I
    have not played with it myself, but I did sit in on a class for it a few
    weeks back. I can't comment on the level of security provided, but it
    might be worth investigating. Of course, that all depends on how you feel
    about deploying a Microsoft firewall in your enterprise ;-)

    Thank you for your time and attention,

    =========================================
    Brad Bemis, CISSP, CISA, CBCP
    Information Security Officer
    Airborne Express

    brad.bemis@airborne.com
    =========================================

    -----Original Message-----
    From: KEITH KOOYMAN [mailto:pcsolutions101@hotmail.com]
    Sent: Wednesday, February 12, 2003 1:00 PM
    To: focus-ms@securityfocus.com
    Subject: RE: Website inside or outside domain

    As I have followed this thread I have noticed that no one has addressed the
    similarities between this situation and OWA. Essentially, this is much the
    same scenario, where a public web server is in the DMZ and the question is:
    How do I allow access to the back-end Exchange Server?

    You can:
    1. Put a firewall between the DMZ and the LAN (many firewalls have a
    preconfigured DMZ so a second firewall is not needed) and open up so many
    ports from the DMZ to the LAN that the firewall is useless = the official
    Microsoft solution
    2. You can leave the front-end in the DMZ and use pass-through
    authentication which takes web traffic straight to your back-end = not
    desirable
    3. Multi-home the front-end public web server, use TCP/IP filters, IPSEC
    and firewall rules to filter, authenticate and encrypt traffic going to the
    back-end; a good idea but time-consuming and difficult to set up
    4. Move the front-end public web server to the LAN = not desirable
    5. Use a third party hybrid solution = expensive

    Does anyone else have a take on this Exchange point of view on the public
    web server?

    KC




