Re: DMZ and Memberservers

From: jokes54321 (jokes54321_at_nospam.com)
Date: 05/27/05

• Next message: B. Meincke: "Re: Deny Software Installation to Students"
• Previous message: Bijan Kianifard: "How to investigate"
• In reply to: Steven L Umbach: "Re: DMZ and Memberservers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 May 2005 08:48:58 -0700

I just wanted to thank you both for the info. It is extremely helpful.

Denny

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ebtMxkkYFHA.796@TK2MSFTNGP09.phx.gbl...
> If possible you are best off not having them be members of your AD domain
> but keep in mind that may be impossible if they need to use AD to
> authenticate AD users. The problem is that to keep them domain members
> you need to configure a number of rules in your firewall including dynamic
> RPC. Web servers are good candidates for a dmz. The link below will show
> how you need to configure a firewall for Active Directory unless you can
> configure a tunnel of some sort such as for a persistent VPN
> onnection. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
>
> "jokes54321" <jokes54321@nospam.com> wrote in message
> news:%23AWnE8VYFHA.1796@TK2MSFTNGP15.phx.gbl...
>> We are in the process of redoing our network to implement a DMZ and add a
>> Cisco PIX firewall to the mix. My question is, what roles should the
>> servers in the DMZ be? At the moment, our webserver and mailserver are
>> members of our Win2K AD domain behind a firewall. Once we move these to
>> the DMZ is it best practices to remove them from the domain and make them
>> standalone servers?
>>
>> How are some of you doing this?
>>
>> Thank you,
>>
>> Denny
>>
>
>

• Next message: B. Meincke: "Re: Deny Software Installation to Students"
• Previous message: Bijan Kianifard: "How to investigate"
• In reply to: Steven L Umbach: "Re: DMZ and Memberservers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: DMZ and Memberservers ... If possible you are best off not having them be members of your AD domain ... need to configure a number of rules in your firewall including dynamic RPC. ... Web servers are good candidates for a dmz. ... (microsoft.public.win2000.security) Re: firewall behind router ... >>My only concern is unsolicited access to the lan from unscrupulous ... >>security as a firewall negating the need for the XP firewall. ... If the other family members are as knowledgeable ... >I run Windows Firewall on all of my family's XP computers. ... (microsoft.public.windowsxp.network_web) FW: Application layer firewall on FreeBSD, is it possible ? ... but you know, proxy is not what I am asking, proxy is not firewall. ... We do not need to restrict everything and all members. ... Core members decided to control p2p traffic by default and to allow ... (freebsd-questions) RE: Active Directory and IIS on production servers, and clusterin g ... > more than two or three systems in the DMZ, ... > making them domain members, just not members of the internal domain. ... > Subject: RE: Active Directory and IIS on production servers,> and clustering ... In most cases, unless there is some pressing business> need to make a trust, I would _not_ establish a trust between> the DMZ domain and the internal domain, but if I did, I'd> make sure and use Win2k3 DCs and make it a limited trust. ... (Focus-Microsoft) Re: Question about Hotel Kingdom ... already booked 4 nights at EL Cortez through Hotel Kingdom. ... Denny will tell you either to google for your ... Members of this ng, according to the ... (alt.vacation.las-vegas)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint