RE: AD in the DMZ . . . OK?
From: Ferino Mardo (RMardo_at_ALJOMAIHBEV.com)
Date: 07/29/04
- Previous message: Handy, Mark (IT): "RE: Network spyware detection"
- Maybe in reply to: karl: "AD in the DMZ . . . OK?"
- Next in thread: Ivan Coric: "Re: AD in the DMZ . . . OK?"
Date: Thu, 29 Jul 2004 11:13:42 +0300
To: <security-basics@securityfocus.com>
Hey Karl.

The only reason people put Exchange on the DMZ is to act as an SMTP
relay, whereby this relay will be the middle-man between the internal
Exchange server and the Internet.

As far as syncing AD in the DMZ goes, I don't think it's recommended, as this
would defeat the purpose of the DMZ, which is to hide the internal LAN's
resources.

> -----Original Message-----
> From: karl [mailto:opium@runningriver.co.uk]
> Sent: Wednesday, July 28, 2004 1:49 PM
> To: security-basics@securityfocus.com
> Subject: AD in the DMZ . . . OK?
>
>
> Hello
>
> One of the developers I work with has come up with a wild and crazy
> notion to write a .NET app that sits on a DMZ Web server but gets user
> information from the Active Directory on the other side of the firewall.
>
> I'm inexperienced with this, so did some research and found that this
> kind of thing is possible (plenty of articles on putting Exchange
> servers in the DMZ), but found myself wondering if this ever happens,
> i.e. do people actually have their networks set up this way? Do folk
> expose/replicate AD to the DMZ in practice?
>
> It's all very well that this stuff is possible, but if it's perceived as
> insecure and not implementable in the real world . . . . . . .
>
> Thanks for any advice . . . . .
>
> Karl