Re: How vulnerable server will become if placed on DMZ ?

From: "Marlon Brown" <marlon_brownj@hotmail.com>
Date: Wed, 21 Aug 2002 07:29:37 -0700


That's right, I already 'disabled' OS services that I don't need, changed
'restrictanonymous' to "1" (if I change it to "2", that damn application
doesn't work right) - File & Print sharing and NetBIOS over TCP/IP are
disabled, so that would help.

That's not IIS, so no way for me to run "iislockdown" or something like
that.

I will configure an IPSec filter on a testing machine and see how it goes.

Thanks for all your help

"karl [x y]" <jamescagney90210@excite.com> wrote in message
news:OB5NQlQSCHA.3732@tkmsftngp11...
> "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
> news:eIHhDoNSCHA.2272@tkmsftngp11...
> > I have a type of Web Server (proprietary web server).
> > This server needs to be accessed from the Internet.
> > I have a firewall and TCP 80 inbound and outbound should be configured to
> > allow people to access the described server from the Internet.
> >
> > Third party software vendor recommended that the server is placed on the
> > "DMZ".
> > When it comes to security, how badly am I going to increase potential
> > threats if I put the server on the "DMZ" instead of keeping it "inside" my
> > network?
>
> The idea of a DMZ is not to subject your web server to greater risk, but to
> protect your internal network from a compromised web server. A DMZ can also
> give you greater control over what traffic is permitted and denied to and
> from which network. [e.g. right now I bet you have little or no control or
> logging concerning what traffic flows between your internal network and the
> web server]. A DMZ is generally considered better security for your entire
> network as compared to what you probably have now, a single firewall.
>
> In setting up a DMZ, you face some choices... a single firewall with a third
> network interface for an isolated DMZ network, a second firewall with the
> DMZ network in between the two firewalls, a second firewall with a third
> network interface, a proxy server, etc. The book Building Internet
> Firewalls is considered a little dated but describes firewall architectures
> and filters.
>
> Setting up a web server without compromising your network security takes
> some knowledge. If you aren't already an expert at DMZs and other facets of
> internet security, I would highly recommend finding a security consultant to
> help. Hopefully you've already configured your web server and Windows with
> the latest patches, settings and permissions using all available security
> hardening checklists. An awful lot of serious network compromises can slip
> through a firewall on a single port such as TCP 80.
>
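
The single-firewall, three-interface layout described in the quoted reply, modelled as an added example that is not part of either post. The addresses, zone names and rule set are constructed assumptions; the model shows why the same web server is unfiltered when it sits on the internal segment but is stopped, with a matching rule to log, once it sits in a DMZ.

```python
import ipaddress

# Constructed addressing plan (assumption; the thread gives no addresses).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

def zone_of(ip):
    """Map an address to the firewall interface (zone) it sits behind."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

# Ordered rules: (src_zone, dst_zone, dst_port or None for any, action).
# Stateless model: only connection initiation is judged; a stateful
# firewall would pass the replies to allowed connections.
DMZ_RULES = [
    ("internet", "dmz", 80, "allow"),         # public access to the web server
    ("internal", "dmz", 80, "allow"),         # LAN users reach the same server
    ("internal", "internet", None, "allow"),  # outbound traffic from the LAN
    ("dmz", "internal", None, "deny"),        # a compromised web server stops here
]

def decide(src_ip, dst_ip, dst_port, rules=DMZ_RULES):
    """Return (verdict, reason) for a new connection; first match wins."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        # Same segment: the packet never crosses the firewall, so it is
        # neither filtered nor logged.
        return ("unfiltered", "same segment")
    for i, (r_src, r_dst, r_port, action) in enumerate(rules):
        if (r_src, r_dst) == (src, dst) and r_port in (None, dst_port):
            return (action, f"rule {i}")
    return ("deny", "default deny")

def dmz_to_internal_holes(rules):
    """Audit: rules that let a DMZ host open connections into the LAN."""
    return [r for r in rules if r[:2] == ("dmz", "internal") and r[3] == "allow"]
```

Running `dmz_to_internal_holes` over a proposed rule set before deployment catches the usual erosion of a DMZ, where a rule added for a back-end connection quietly reopens the path into the internal network.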


