Re: Port open for Microsoft

From: Don Kelloway (dkelloway@commodon.com)
Date: 01/08/03


From: "Don Kelloway" <dkelloway@commodon.com>
Date: Wed, 08 Jan 2003 06:13:22 GMT

It would be an extremely bad idea to configure the firewall to allow a
system on the DMZ inbound access to a system on the internal LAN. In fact,
performing such a configuration negates the purpose of implementing the DMZ.

Think of it this way. If the system on the DMZ were to become compromised,
it will have the ability to establish a connection into the internal LAN.
Is this something you want to risk? Probably not.

--
Best regards,
Don Kelloway
Commodon Communications
http://www.commodon.com
Visit http://www.commodon.com to learn about Back Orifice (BO), NetBus (NB),
SubSeven (Sub7), etc.  All of which are "Threats to Your Security on the
Internet".

"Cristian Meggiorin" <cmeggior@hardservice.it> wrote in message
news:aveq0e$efskb$1@ID-115215.news.dfncis.de...
> Hi,
>   I've this problem:
> I've a Firewall Watchguard FBIII-700 with a W2k Sp3 Domain Controller in the
> trusted port and a W2k Sp3 Member server in the DMZ port. The W2k server in
> the DMZ must authenticate to the W2k Sp3 DC in the trusted.
>
> What are the ports that I must open between the DMZ and the trusted to
> authenticate the member server to the DC server??
>
> Thanks in advance
>
> Cristian Meggiorin
> Ip Sys S.r.l.
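Added example, not part of the original thread: a small audit that flags firewall rules permitting traffic from the DMZ into the trusted LAN, including broad "any" source rules that allow it implicitly. The zone addresses, rule names, ports and the rule format are constructed assumptions, not WatchGuard syntax, and each rule is evaluated on its own without modelling rule order.

```python
import ipaddress

# Constructed zone ranges (assumptions for illustration only).
DMZ = ipaddress.ip_network("192.0.2.0/24")
TRUSTED = ipaddress.ip_network("10.0.0.0/8")

# Constructed rule set in a hypothetical, vendor-neutral format.
RULES = [
    {"name": "web-in",   "src": "any",           "dst": "192.0.2.10/32", "port": "tcp/443",  "action": "allow"},
    {"name": "dmz-auth", "src": "192.0.2.10/32", "dst": "10.0.0.5/32",   "port": "tcp/88",   "action": "allow"},
    {"name": "mgmt-any", "src": "any",           "dst": "10.0.0.0/8",    "port": "tcp/3389", "action": "allow"},
    {"name": "lan-out",  "src": "10.0.0.0/8",    "dst": "any",           "port": "tcp/443",  "action": "allow"},
    {"name": "dmz-deny", "src": "192.0.2.0/24",  "dst": "10.0.0.0/8",    "port": "any",      "action": "deny"},
]


def parse(spec):
    """Turn 'any' or a CIDR string into an IPv4 network object."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def dmz_to_trusted_findings(rules, dmz=DMZ, trusted=TRUSTED):
    """Return (rule name, scope, port) for every allow rule whose source
    can include a DMZ host and whose destination can include a trusted host."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src, dst = parse(rule["src"]), parse(rule["dst"])
        if src.overlaps(dmz) and dst.overlaps(trusted):
            # "explicit": the rule names DMZ hosts as the source.
            # "implicit": a broader source (such as 'any') also covers the DMZ.
            scope = "explicit" if src.subnet_of(dmz) else "implicit"
            findings.append((rule["name"], scope, rule["port"]))
    return findings


if __name__ == "__main__":
    for name, scope, port in dmz_to_trusted_findings(RULES):
        print(f"REVIEW {name}: {scope} DMZ -> trusted allow on {port}")
```

Each finding is a path a compromised DMZ host could use to open a connection into the internal LAN, so it is a candidate for removal or for tightening to a single host and port.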