Re: DMZ and Memberservers

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/27/05


Date: Thu, 26 May 2005 18:18:15 -0500

If possible, you are best off not having them be members of your AD domain,
but keep in mind that may be impossible if they need to use AD to
authenticate AD users. The problem is that to keep them domain members you
need to configure a number of rules in your firewall, including dynamic RPC.
Web servers are good candidates for a DMZ. The link below will show how you
need to configure a firewall for Active Directory unless you can configure a
tunnel of some sort such as for a persistent VPN connection. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442

"jokes54321" <jokes54321@nospam.com> wrote in message
news:%23AWnE8VYFHA.1796@TK2MSFTNGP15.phx.gbl...
> We are in the process of redoing our network to implement a DMZ and add a
> Cisco PIX firewall to the mix. My question is, what roles should the
> servers in the DMZ be? At the moment, our webserver and mailserver are
> members of our Win2K AD domain behind a firewall. Once we move these to
> the DMZ is it best practices to remove them from the domain and make them
> standalone servers?
>
> How are some of you doing this?
>
> Thank you,
>
> Denny
>
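
Added example, not part of the original post or of the linked Microsoft article: a small Python audit of DMZ-to-domain-controller permit rules, showing what the dynamic RPC requirement mentioned in the reply costs in open TCP ports. The port list and the 1024-65535 dynamic range are assumptions for Windows 2000/2003-era domains and should be confirmed against the linked article; the rule format, the sample policies and the `rpc_range` parameter are hypothetical.

```python
"""Audit DMZ -> domain controller permit rules for an AD member server."""

# Assumed port list for Windows 2000/2003-era AD; confirm against the KB article.
STATIC = {
    "DNS": [("tcp", 53), ("udp", 53)],
    "Kerberos": [("tcp", 88), ("udp", 88)],
    "NTP": [("udp", 123)],
    "RPC endpoint mapper": [("tcp", 135)],
    "LDAP": [("tcp", 389), ("udp", 389)],
    "SMB": [("tcp", 445)],
}
DYNAMIC_RPC = (1024, 65535)  # assumed default dynamic RPC range on those versions


def merged(rules, proto):
    """Merge permit rules (proto, low, high) into disjoint sorted port ranges."""
    out = []
    for lo, hi in sorted((lo, hi) for p, lo, hi in rules if p == proto):
        if out and lo <= out[-1][1] + 1:
            out[-1][1] = max(out[-1][1], hi)  # overlapping or adjacent: extend
        else:
            out.append([lo, hi])
    return out


def covered(rules, proto, lo, hi):
    """True if the whole range lo..hi is permitted for this protocol."""
    return any(a <= lo and hi <= b for a, b in merged(rules, proto))


def audit(rules, rpc_range=DYNAMIC_RPC):
    """Return (services the policy blocks, number of TCP ports opened to the DC)."""
    needs = {name: [(p, n, n) for p, n in ports] for name, ports in STATIC.items()}
    needs["Dynamic RPC"] = [("tcp", *rpc_range)]
    missing = sorted(name for name, reqs in needs.items()
                     if not all(covered(rules, *r) for r in reqs))
    open_tcp = sum(b - a + 1 for a, b in merged(rules, "tcp"))
    return missing, open_tcp


# Constructed sample policies (not from the post).
STATIC_ONLY = [(p, n, n) for ports in STATIC.values() for p, n in ports]
FULL = STATIC_ONLY + [("tcp", *DYNAMIC_RPC)]

if __name__ == "__main__":
    for label, policy in (("static only", STATIC_ONLY), ("with dynamic RPC", FULL)):
        print(label, audit(policy))
```

The static-only policy fails the audit because dynamic RPC is blocked, while the passing policy opens 64,517 TCP ports from the DMZ host to the domain controller.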


