Re: W2K3 domain in DMZ

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/12/04


Date: Fri, 11 Jun 2004 19:22:55 -0700

IMO the private network is a good idea, but you must
restrict and/or screen public interfaces fully/carefully
as each one is the gate to that entire private network.

-- 
Roger
"John Koswalski" <john.koswalski@perfectitsolutions.nl> wrote in message
news:%23uu1mS%23TEHA.3988@TK2MSFTNGP10.phx.gbl...
> Yes a single domain DMZ
>
> I'm thinking about
>
> Firewall
>
> Public subnet on 1st NIC
> Private subnet on 2nd NIC
>
> This for all servers that have a need for internet connectivity, the
> others would only have the private subnet configured and be used for
> backups, account management etc ... perhaps extra hardened using IPSec,
> IP filtering etc ....
>
> Main concern is getting a DMZ that we can centrally manage and backup
> (one server, from that server to tape)
>
> Thx for your input
>
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:%230ixsTuTEHA.556@tk2msftngp13.phx.gbl...
> > Is that a single DMZ that you need to implement AD in? If so, just
> > create a pair of domain controllers and add the hosts to the domain.
> > Do not expose the domain controllers to the Internet (matter of fact,
> > better keep them off the intranet, too). Backup? Do _not_ back up to a
> > file that you keep on the same server, or even another box - you will
> > lose data. Make tape backups, ship tapes offsite. That is not that
> > complicated, even a small business can afford doing that. I've been
> > involved in a case when a business survived thanks to such a backup
> > strategy.
> >
> > -- 
> > Svyatoslav Pidgorny, MVP, MCSE
> > -= F1 is the key =-
> >
> > "John Koswalski" <john.koswalski@perfectitsolutions.nl> wrote in message
> > news:eCll3mkTEHA.1412@TK2MSFTNGP11.phx.gbl...
> > >   Hello,
> > >
> > > > I'm considering setting up a separate forest for our DMZ in order to
> > > > facilitate management.  I'm concerned about security and I'm looking
> > > > for information and best practices for this scenario.  I'm also
> > > > interested in backup scenarios ... I would like to backup to file on
> > > > a central server in the DMZ but I'm worried about the holes this
> > > > might create in the DMZ domain.
> > > > Until now all our servers have been bastion hosts who could not even
> > > > communicate well with each other.  Basically we nailed 'm as shut as
> > > > we could.  So this scenario is a bit of a change for us.  Thx for
> > > > your input.