Security Basics mailing list archives

Re: DMZ, Tape Backup and Security

From: "Peter Pekala" <peterp () netnitco net>
Date: Thu, 19 Jun 2003 11:30:11 -0500

Depending on your environment, your 2nd scenario can be 
a reasonable solution:

: Senario 2: Change firewall rules to give acces from DMZ to LAN.
: 
: Plus side: Cost less and easyer management
: Down side: Hole in Firewall
:             (I did some test with Veritas Backup exec and it is
:              using RPC so it is a realy hard to set Firewall rules)

a. set up the backup server on the LAN 
b. restrict Veritas to use a predetermined range of UDP ports
c. allow those UDP ports and TCP port 6103 from DMZ to LAN

For more details see  http://seer.support.veritas.com/docs/243104.htm
NOTE: I have found that the NetBIOS and Kerberos ports shown in the
          table at the beginning of section II do NOT need to be open.

- Peter


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

DMZ, Tape Backup and Security Erik Vincent (Jun 18)
- Re: DMZ, Tape Backup and Security Anders Reed Mohn (Jun 19)
- Re: DMZ, Tape Backup and Security Peter Pekala (Jun 20)
- <Possible follow-ups>
- Fw: DMZ, Tape Backup and Security holger.reichert (Jun 19)
- RE: DMZ, Tape Backup and Security Matthew Crape (Jun 19)