Firewall Wizards mailing list archives

RE: Exchange Questions


From: "Frank W. Keeney" <FKeeney () hsa com>
Date: Mon, 17 May 1999 07:37:55 -0700

If that machine is compromised they have access to your internal net. If
it's in the same MS domain then you make it too easy for a potential
intruder to gain access to all your internal MS hosts.

IMHO all hosts with services accessible from the Internet should be in
the DMZ (or service network). Windows NT hosts such as Exchange or web
servers should be in their own MS Domain. Then set up a one-way MS Domain
trust so the external domains trust the internal domains but not the
other way around.

I've set up FW1 in the past with seven Ethernet ports. One for each
"external" host. This was for a client where security was critical.



+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Frank Keeney, Network Services, Home Savings of America
+1 626-814-5080 mailto:fkeeney () hsa com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++


        ----------
        From:  cschuttg () winning-strategies com [SMTP:cschuttg () winning-strategies com]
        Sent:  Thursday, May 13, 1999 2:00 PM
        To:  firewall-wizards () nfr net
        Subject:  RE: Exchange Questions

        I can't think of one. We have our Exchange server on the trusted net and set
        the firewall to forward those packets on port 25 to the address of the
        Exchange server.

        Works fine and protects the server the most.

        -----Original Message-----
        To: firewall-wizards () nfr net
        Subject: Exchange Questions


        If I was setting up a DMZ, using Firewall-1, what advantage would there
        be if I put my Exchange server & Email connector out on the DMZ?
        


