Firewall Wizards mailing list archives
RE: Re: DMZ design - Exchange, SQL, & DCOM
From: jan.schultheiss () ubs com
Date: Mon, 14 Feb 2000 10:44:06 +0100
Hi Mike
Jan Schultheiss wrote:
Mikael Olsson wrote:
The reason for the separate DMZ is that you don't want to expose your mail forwarder to your web server.
Another possibility is to use "secure" switches. There is a switch from Bay (i.e. Nortel) that allows you to configure on a port basis which devices are allowed to talk to each other.
Yes, this would work. But does your switch do logging and alerting when your web server tries to hack your mail server?
All traffic would have to pass the firewall where you could do the logging and alerting. The only task the switch has to do is to allow communication between the firewall and the systems in the DMZ. However, the systems in the DMZ (although logically on the same network) would not be able to talk to each other.
It'd be damn nice to see evidence of when your web server has been hacked so you know when to go reformat and reinstall it :-) (And, hopefully, see what the hell went wrong and secure it)
It would be even nicer when you got alerted when your systems are under attack ;-) But on a heavily loaded web site this is an entirely different issue.
Jan
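The per-port restriction discussed in this message (DMZ systems may talk to the firewall and not to each other) can be checked against a switch's permit table. The following is an added example, not part of the original post and not any vendor's configuration syntax; the table format, the port names and the `audit_port_policy` function are assumptions made for illustration.

```python
# Added example: audit a per-port "who may talk to whom" switch table.
# The table format and port names are constructed; they are not vendor syntax.

FIREWALL = "fw"  # hypothetical name of the port facing the firewall's DMZ interface


def audit_port_policy(permits, firewall_port=FIREWALL):
    """Check the design from the thread: every DMZ port may exchange frames
    with the firewall port and with nothing else.

    permits maps a port name to the set of ports it may send frames to.
    Returns (lateral, cut_off):
      lateral - sorted (src, dst) pairs where one DMZ port can reach another
      cut_off - sorted DMZ ports lacking a two-way path to the firewall
    """
    dmz_ports = sorted(p for p in permits if p != firewall_port)
    lateral = []
    cut_off = []
    for src in dmz_ports:
        # Any permitted destination other than the firewall is a lateral path.
        for dst in sorted(permits[src]):
            if dst != firewall_port and dst != src:
                lateral.append((src, dst))
        # The firewall must be reachable in both directions, otherwise the
        # host is isolated from everything, including legitimate traffic.
        to_fw = firewall_port in permits[src]
        from_fw = src in permits.get(firewall_port, set())
        if not (to_fw and from_fw):
            cut_off.append(src)
    return lateral, cut_off


# Constructed sample tables.
GOOD = {"fw": {"web", "mail", "dns"}, "web": {"fw"}, "mail": {"fw"}, "dns": {"fw"}}
# "web" may reach "mail" directly, and the firewall port does not permit "dns".
BAD = {"fw": {"web", "mail"}, "web": {"fw", "mail"}, "mail": {"fw"}, "dns": {"fw"}}

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        lateral, cut_off = audit_port_policy(table)
        print(name, "lateral:", lateral, "cut off:", cut_off)
```

A one-way permit is reported as a lateral path as well, since the audit treats any permitted frame between two DMZ ports as a violation of the design.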