Re: W2K3 domain in DMZ

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/12/04


Date: Fri, 11 Jun 2004 19:22:55 -0700

IMO the private network is a good idea, but you must
restrict and/or screen public interfaces fully/carefully
as each one is the gate to that entire private network.

-- 
Roger
"John Koswalski" <john.koswalski@perfectitsolutions.nl> wrote in message
news:%23uu1mS%23TEHA.3988@TK2MSFTNGP10.phx.gbl...
> Yes a single domain DMZ
>
> I'm thinking about
>
> Fire Wall
>
> Public subnet on 1st NIC
> Private subnet on 2nd NIC
>
> This for all servers that have a need for internet connectivity, the others
> would only have the private subnet configured and be used for backups,
> account management etc ... perhaps extra hardened using IPSec, IP filtering
> etc ....
>
> Main concern is getting a DMZ that we can centrally manage and back up (one
> server, from that server to tape)
>
> Thx for your input
>
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:%230ixsTuTEHA.556@tk2msftngp13.phx.gbl...
> > Is that a single DMZ that you need to implement AD in? If so, just create a
> > pair of domain controllers and add the hosts to the domain. Do not expose the
> > domain controllers to the Internet (matter of fact, better keep them off the
> > intranet, too). Backup? Do _not_ back up to a file that you keep on the same
> > server, or even another box - you will lose data. Make tape backups, ship
> > tapes offsite. That is not that complicated, even small business can afford
> > doing that. I've been involved in a case when a business survived thanks to
> > such backup strategy.
> >
> > -- 
> > Svyatoslav Pidgorny, MVP, MCSE
> > -= F1 is the key =-
> >
> > "John Koswalski" <john.koswalski@perfectitsolutions.nl> wrote in message
> > news:eCll3mkTEHA.1412@TK2MSFTNGP11.phx.gbl...
> > >   Hello,
> > >
> > > I'm considering setting up a separate forest for our DMZ in order to
> > > facilitate management.  I'm concerned about security and I'm looking for
> > > information and best practices for this scenario.  I'm also interested in
> > > backup scenarios ... I would like to back up to file on a central server in
> > > the DMZ but I'm worried about the holes this might create in the DMZ domain.
> > > Until now all our servers have been bastion hosts who could not even
> > > communicate well with each other.  Basically we nailed 'm as shut as we
> > > could.  So this scenario is a bit of a change for us.  Thx for your input.
> > >
> > >
> >
> >
>
>

