Re: Network Security

From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
Date: Wed, 22 Nov 2006 21:52:30 -0700

"Peter Haase" <PeterHaase@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E96624F6-709F-4565-9F47-0E801A5E314E@xxxxxxxxxxxxxxxx

Hi,

Hello

I'm doing some work for a company that has an MS network where their
firewall is a Cisco 800 device. The company public website sits on a
server
that is also a windows 2000 domain controller and the exchange 2000 server

ouch !

for the internal domain.

one could argue whether there is an internal or just a perimeter/edge
domain.

There is a security need to keep internal patent
documents secure (they reside on a file server on the internal domain not
accessible directly by the public).

well, at least there is a server other than just the dc . . .

ps.
the juxtiposition of terms is arguably optimistic in

. . . internal domain not accessible directly by the public).

I know the configuration has security issues and want to address those,

:-)

especially as Exchange is going to be upgraded to 2003 and it's not
recommended it be on a DC. The hard part is I need good reasons for
management to accept that change is required. Can someone point me in the

have you asked them whether they want and internal domain? (doh - :) seems
overly simple to state)

direction of some white papers or articles on potential issues we could
encounter with the current design?

find some dmz or screened network designs in basic block diagram,
you know, little storage boxes in the couple regions separated from
the cloud - then ask: you want to store your jewels here (boxes along
the edge) or in here (screened internal boxes).

I don't mean to sound pedantic. Others so far seem also hard-pressed
to point to a doc, rather than a body of practices. Perhaps this is as
it's such a basic first step. To separate them from us, external from
internal, one draws a line with technologies. One uses the newly
separated internal. One does not mearly use the line.

Any help would be greatly appreciated.

Sorry the lack of a link, but you are welcome to forward this :)

Roger

.

Prev by Date: What kind of conspiracy is this?
Next by Date: Re: starting computer after I have been away
Previous by thread: Re: Network Security
Next by thread: What kind of conspiracy is this?
Index(es):
- Date
- Thread

Relevant Pages

Re: E-Mail gateway on IIS.
... I will go with two seperate boxes! ... > it probably has relay permissions on your backend mail server. ... > versus the cost of an intrusion where confidential corporate data is ... > cost of a separate server plus the cost of maintenance < the cost of the ...
(Focus-Microsoft)
Re: main form with subform and combo boxes
... Why are you using combo boxes to display static information rather than ... depending on selections of the combo boxes. ... Server Name, Backup Policy, Database Name, and Application Name). ... along with any DBs, Apps, or Policies tied to that Server Name to be ...
(comp.databases.ms-access)
Re: Secure workgroups!
... many cheap boxes rather than few expensive boxes. ... require an authentication server and a directory, ... which VPN product to use! ... simpler to manage than using hardware ...
(microsoft.public.security)
Re: Databse Link will not connect
... If you go to Enterprise Manager, ... If I am on one of the boxes in Group C, I am unable to open the link to ... the servers in Group C are using 64-bit Windows. ... By dblink I am referring to a linked server. ...
(comp.databases.ms-sqlserver)
Re: How do I create multiple text boxes with the same info that will
... I read sync'd text boxes to mean..same ... Use Server Side Includes (SSI) ... Your server will need to be configured to use SSI and you may need to rename ... Use PHP Includes ...
(microsoft.public.publisher.webdesign)