Re: DMZ design - Exchange, SQL, & DCOM

From: Mikael Olsson (mikael.olssonat_private)
Date: Fri Feb 11 2000 - 01:38:12 PST


    Jan Schultheiss wrote:
    > 
    > Mikael Olsson wrote:
    > > The reason for the separate DMZ is that you don't want to expose
    > > your mail forwarder to your web server.
    > 
    > Another possibility is to use "secure" switches. There is a switch from Bay
    > (i.e. Nortel) that allows you to configure on a port basis which devices are
    > allowed to talk to each other. 
    
    Yes, this would work.
    
    But does your switch do logging and alerting when your web
    server tries to hack your mail server?
    
    It'd be damn nice to see evidence of when your web server
    has been hacked so you know when to go reformat and reinstall
    it :-) (And, hopefully, see what the hell went wrong and secure it)
    
    /Mike
    
    -- 
    Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
    Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
    Mobile: +46 (0)70 248 00 33
    WWW: http://www.enternet.se        E-mail: mikael.olssonat_private
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:07 PDT