DMZ boxes in the domain
From: Gene (btraquer@att.net)
Date: 02/26/03
- Previous message: Robert Formanek: "Re: Monitor Services on Windows machines"
- Next in thread: Marc Fossi: "Re: DMZ boxes in the domain - Bad moderator"
- Reply: Marc Fossi: "Re: DMZ boxes in the domain - Bad moderator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Feb 2003 13:37:10 +0700 From: Gene <btraquer@att.net> To: focus-ms@securityfocus.com
We're considering adding the DMZ Win2K/IIS servers to the
internal domain. This sounds like a rather dangerous thing to do, but
while discussing this we came up with an idea of giving the box 2 NICs,
one a DMZ address and the other an internal address and disabling all
routing between the 2 NICs. Hopefully, in this scenario we can still
manage the Win2K normally via the domain while permitting the box to
serve out our site. If the box is compromised from the DMZ side, in
theory, this wouldn't allow the compromise to affect the internal network.
Ideas/thoughts/concerns...
All helps appreciated!!
- Next message: Shackleford, Dave: "RE: Utility to determine who deteled files"
- Previous message: Robert Formanek: "Re: Monitor Services on Windows machines"
- Next in thread: Marc Fossi: "Re: DMZ boxes in the domain - Bad moderator"
- Reply: Marc Fossi: "Re: DMZ boxes in the domain - Bad moderator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
