Access from DMZ Was: AD in the DMZ . . . OK?
From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 08/02/04
- Previous message: David Gillett: "RE: Which ports to block?"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: Access from DMZ Was: AD in the DMZ . . . OK?"
- Reply: Ansgar -59cobalt- Wiechers: "Re: Access from DMZ Was: AD in the DMZ . . . OK?"
- Maybe reply: Depp, Dennis M.: "RE: Access from DMZ Was: AD in the DMZ . . . OK?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 02 Aug 2004 10:43:58 -0400 To: Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net>, security-basics@securityfocus.com
I've often wondered if this is really possible. In today's environment,
we have to provide some access to our internal networks either from the
DMZ or from the internet. (VPN for example.) Is it possible to
continue to stay with this phillosophy and still not have direct
Internet connections into you secure network (even VPN connections).
Dennis
-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq@planetcobalt.net]
Sent: Friday, July 30, 2004 2:54 PM
To: security-basics@securityfocus.com
Subject: Re: AD in the DMZ . . . OK?
..snip..
If I'm reading you correctly that would still require access from the
DMZ to the DC, thus still violating the DMZ. No host in the DMZ should
ever be able to access any service inside the internal network.
Regards
Ansgar Wiechers
-- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
- Previous message: David Gillett: "RE: Which ports to block?"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: Access from DMZ Was: AD in the DMZ . . . OK?"
- Reply: Ansgar -59cobalt- Wiechers: "Re: Access from DMZ Was: AD in the DMZ . . . OK?"
- Maybe reply: Depp, Dennis M.: "RE: Access from DMZ Was: AD in the DMZ . . . OK?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
