Security Basics mailing list archives

Access from DMZ Was: AD in the DMZ . . . OK?

From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Mon, 02 Aug 2004 10:43:58 -0400

I've often wondered if this is really possible.  In today's environment,
we have to provide some access to our internal networks either from the
DMZ or from the internet.  (VPN for example.)  Is it possible to
continue to stay with this phillosophy and still not have direct
Internet connections into you secure network (even VPN connections). 

Dennis  

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] 
Sent: Friday, July 30, 2004 2:54 PM
To: security-basics () securityfocus com
Subject: Re: AD in the DMZ . . . OK?

..snip..

If I'm reading you correctly that would still require access from the
DMZ to the DC, thus still violating the DMZ. No host in the DMZ should
ever be able to access any service inside the internal network.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Access from DMZ Was: AD in the DMZ . . . OK? Depp, Dennis M. (Aug 02)
- Re: Access from DMZ Was: AD in the DMZ . . . OK? Ansgar -59cobalt- Wiechers (Aug 02)
- <Possible follow-ups>
- RE: Access from DMZ Was: AD in the DMZ . . . OK? Depp, Dennis M. (Aug 03)