Re: DMZ design - Exchange, SQL, & DCOM

From: Jan Schultheiss (jan.schultheissat_private)
Date: Tue Feb 08 2000 - 02:37:47 PST

    
    Hi,
    
    [snip]
    
    > The reason for the separate DMZ is that you don't want to expose
    > your mail forwarder to your web server. The risk that someone
    > will hack your web server through the firewall is much greater
    > than the risk of someone hacking your mail forwarder through the
    > firewall. However, with the two placed on the same LAN, hacking
    > the mail forwarder most likely becomes a simple task.
    
    Another possibility is to use "secure" switches. There is a switch from Bay
    (i.e. Nortel) that allows you to configure on a port basis which devices are
    allowed to talk to each other. You can define a port on that switch which can
    talk to all other ports on that switch. In that specific port you place the
    (Ethernet) cable from the firewall. All other ports are configured in such a
    way that they cannot talk to each other (they don't even see broadcasts from
    other devices).
    
    Best regards
    Jan Schultheiss
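
An added example, not part of the original message and not any vendor's configuration syntax: a small audit of a per-port permission table against the design described above, where the firewall port reaches every port and no other port can send to another, broadcasts included. The `allowed` table layout, the port numbers and the device placement are constructed assumptions.

```python
"""Audit a per-port forwarding policy for firewall-only port isolation.

Constructed model: allowed[p] is the set of ports that port p may send
frames to. Port numbers and both sample tables are invented for illustration.
"""

def audit_isolation(allowed, uplink):
    """Return a list of findings; an empty list means the policy matches the
    design: the uplink talks to every port, host ports talk only to the uplink."""
    ports = set(allowed)
    if uplink not in ports:
        return [f"uplink port {uplink} is not defined"]
    hosts = ports - {uplink}
    findings = []
    # The firewall port must reach every host port, and each must reach it back.
    for p in sorted(hosts):
        if p not in allowed[uplink]:
            findings.append(f"uplink {uplink} cannot send to port {p}")
        if uplink not in allowed[p]:
            findings.append(f"port {p} cannot send to uplink {uplink}")
    # Any host-to-host permission lets traffic bypass the firewall. Permissions
    # are directional, so each direction is reported on its own.
    for p in sorted(hosts):
        for q in sorted(allowed[p] - {uplink, p}):
            kind = "host port" if q in hosts else "undefined port"
            findings.append(f"port {p} may send directly to {kind} {q}")
    return findings

def flood_domain(allowed, ingress):
    """Ports that would receive a broadcast entering on `ingress`."""
    return sorted(allowed.get(ingress, set()) - {ingress})

# Constructed sample: port 1 = firewall, 2 = web server, 3 = mail forwarder.
GOOD = {1: {2, 3, 4}, 2: {1}, 3: {1}, 4: {1}}
# Constructed misconfiguration: web server can reach the mail forwarder
# directly, and port 4 has lost its path to the firewall.
BAD = {1: {2, 3, 4}, 2: {1, 3}, 3: {1}, 4: set()}

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_isolation(table, uplink=1) or "isolated as designed")
    print("broadcast from port 2 reaches:", flood_domain(GOOD, 2))
```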
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:38 PDT