To domain or not to domain? :-)

From: Gegerfelt, Michael (ver4@ver4.com)
Date: 02/25/02


Date: Mon, 25 Feb 2002 15:14:49 +0100 (CET)
From: "Gegerfelt, Michael" <ver4@ver4.com>
To: security-basics@securityfocus.com

Hi all

I have a question regarding topology in a DMZ zone. How does you guys put
up a network with the following design?

(It is a customer to us and I want to implement the best solution)

Today they have three domains (One for their internal site, one for their
"external site" - the DMZ and one for their sister company.
(Sorry for my limited vocabulary and my spelling)

They have one NT domain for their internal (lets say that one is called
internal), they also have an NT4 domain called (lets say external, great
imagination huh.. ). Is it even recommended to have a separate domain for
the DMZ? I have heard from some guys that they prefer to put their NT
boxes as Stand Alone instead...

Any pros and cons for different topologies?

Yours sincerely

-------------------------------
Michael Gegerfelt



Relevant Pages

  • Re: To domain or not to domain? :-)
    ... On Mon, 25 Feb 2002, Gegerfelt, Michael stated: ... > I have a question regarding topology in a DMZ zone. ... domain and not Internet domain here.. ...
    (Security-Basics)
  • Re: FE/BE
    ... >I am install FE, by MS instruction and topology, but still don't have ... >communication between FE and BE. ... The FE/BE scenarios guide explains why you should not use FE in DMZ. ...
    (microsoft.public.exchange.setup)
  • RE: ISA firewall
    ... >One thing I advise against is installing ISA as a firewall for a DMZ ... topology. ... You want to explain how it does not support DMZ zones? ...
    (Security-Basics)