Re: RPC Dynamic Ports? Windows 2003 with Checkpoint firewall.

From: Volker Birk (bumens_at_dingens.org)
Date: 08/21/05


Date: 21 Aug 2005 22:04:33 +0200

techcs <colinsealeaf@blueyonder.co.uk> wrote:
> Just to confirm the setup of my DMZ.. I only have a member server in the
> DMZ and this is to authenticate end users on the internet to access
> Mailboxes via Outlook Web Access. Now OWA will only work if the domain
> users are allowed to log on locally at this member server in the DMZ so
> as a result it needs to talk back to the domain. Two Exchange servers
> are in the internal network.

Perhaps it would be a good idea to have an application gateway,
say, a proxy server in the firewall, and have the OWA server inside.

And even better: only offer this service with HTTPS and authentication
at the proxy server first. The best possibility would be a VPN, which
ends at the application gateway.

And don't forget to do filtering on the AG, so that only what you want to
offer can be received.

Windows' domain concept is not secure, and it's not a good idea to
have it through the zones.

Yours,
VB.

-- 
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
                                    Harald Schmidt on "World Youth Day"

