Security Basics mailing list archives
Access from DMZ Was: AD in the DMZ . . . OK?
From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Mon, 02 Aug 2004 10:43:58 -0400
I've often wondered if this is really possible. In today's environment, we have to provide some access to our internal networks either from the DMZ or from the internet. (VPN for example.) Is it possible to continue to stay with this phillosophy and still not have direct Internet connections into you secure network (even VPN connections). Dennis -----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Sent: Friday, July 30, 2004 2:54 PM To: security-basics () securityfocus com Subject: Re: AD in the DMZ . . . OK? ..snip.. If I'm reading you correctly that would still require access from the DMZ to the DC, thus still violating the DMZ. No host in the DMZ should ever be able to access any service inside the internal network. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Access from DMZ Was: AD in the DMZ . . . OK? Depp, Dennis M. (Aug 02)
- Re: Access from DMZ Was: AD in the DMZ . . . OK? Ansgar -59cobalt- Wiechers (Aug 02)
- <Possible follow-ups>
- RE: Access from DMZ Was: AD in the DMZ . . . OK? Depp, Dennis M. (Aug 03)