RE: Question about dmz security

From: Marc Suttle (marc.suttle@anidirect.com)
Date: 02/17/03

    From: Marc Suttle <marc.suttle@anidirect.com>
    To: "'David M. Fetter'" <dfetter@setec-astronomy.biz>, Jennifer Fountain <JFountain@rbinc.com>
    Date: Mon, 17 Feb 2003 11:25:43 -0600
    
    

    You could have a dedicated NIC on the DMZ going to a dedicated NIC on the
    internal network. However, I would just recommend you disable that NIC and
    put the traffic rules you need on the firewall for the DMZ to internal.

    M

    -----Original Message-----
    From: David M. Fetter [mailto:dfetter@setec-astronomy.biz]
    Sent: Friday, February 14, 2003 5:49 PM
    To: Jennifer Fountain
    Cc: security-basics@securityfocus.com
    Subject: Re: Question about dmz security

    That's definitely a security risk because that system essentially
    bypasses your firewall altogether. You are right in your suggestion.

    Jennifer Fountain wrote:
    > I need an opinion on a current design implementation in place. We have
    > an FTP server sitting in our DMZ. This box has two NICs - one is
    > plugged into the DMZ hub and one is plugged into our network. I think
    > this is a security risk and we should just allow internal users access
    > to the box via the firewall by opening the port instead of having dual
    > NICs. They do not see a security risk. Maybe I am just too new at this
    > and need some education. What is the "best" way to implement this
    > configuration?
    >
    >
    > Thank you
    > Jenn Fountain
    >

    -- 
    David M. Fetter (MegaSurge) - http://www.setec-astronomy.biz/
    "The world is full of power and energy and a person can go far by just 
    skimming off a tiny bit of it." Neal Stephenson - Snow Crash
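
The dual-NIC condition discussed in this thread can be audited across hosts. This is an added example, not part of the original messages: it parses per-host `ip -o -4 addr show` output and flags any host with interfaces in more than one zone. The zone subnets, host names and sample output are constructed assumptions.

```python
import ipaddress
import re

# Assumed zone layout (constructed for this example; substitute your own subnets).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}

# Constructed samples of `ip -o -4 addr show` output, keyed by hypothetical host name.
SAMPLE = {
    "ftp01": """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.21/24 brd 192.0.2.255 scope global eth0\\       valid_lft forever preferred_lft forever
3: eth1    inet 10.10.4.21/16 brd 10.10.255.255 scope global eth1\\       valid_lft forever preferred_lft forever
""",
    "web01": """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.30/24 brd 192.0.2.255 scope global eth0\\       valid_lft forever preferred_lft forever
""",
}

# Captures the interface name and IPv4 address from each one-line record.
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+)/\d+", re.M)


def zones_for_host(ip_output):
    """Map each zone name to the (interface, address) pairs of this host in it."""
    found = {}
    for ifname, addr in ADDR_RE.findall(ip_output):
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            continue
        for zone, net in ZONES.items():
            if ip in net:
                found.setdefault(zone, []).append((ifname, addr))
    return found


def dual_homed_hosts(inventory):
    """Return hosts with interfaces in more than one zone (a path around the firewall)."""
    flagged = {}
    for host, output in inventory.items():
        zones = zones_for_host(output)
        if len(zones) > 1:
            flagged[host] = zones
    return flagged


if __name__ == "__main__":
    for host, zones in dual_homed_hosts(SAMPLE).items():
        print(f"{host} is dual-homed across {sorted(zones)}: {zones}")
```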
    

