Security Basics mailing list archives
RE: Host placement and DMZ internal/external questions.
From: amitk () ingvysyabank com
Date: Wed, 19 Oct 2005 00:39:33 +0530
Hi Adam,
2 antivirus mail gateway servers / Antivirus update server does that sit on your DMZ ?
I have one design which might help you to understand.... You can implement dual-level security for Emails i.e. AV Mail Gateway and Spam filter (in-depth mail filters).... For this, I have suggested in my previous company that they can use TrendMicro IMSS (InterScan Messaging Security Suite) as a AV Mail Gateway and use Symantec Mail Security or spamassassins (Linux) for Spam filters.... Your AV update server has to remain in DMZ as this might get some virus itself.... Regards, Amit Kothari _____ (iGATE Infrastructure Management Services | http://www.igate.com) -----Original Message----- From: phunked up! [mailto:phunkodelic () gmail com] Sent: Monday, October 17, 2005 9:42 PM To: Adam T Cc: security-basics () securityfocus com Subject: Re: Host placement and DMZ internal/external questions.
1 if you have a host such as citrix that must have access to the internal network does that sit on your DMZ?
If you are running Citrix and want remote access you should deploy Citrix Secure Gateway as it is free (less the cost of a small windows server) and comes with Citrix. Yes this secure gateway should be put in the DMZ as it is in my network.
2 antivirus mail gateway servers / Antivirus update server does that sit on your DMZ ?
I currently have them on my internal network sitting behind my PIX. I run a small 200+ node network though. If I were looking at a bigger network I might be tempted to move part of the email system to the DMZ. My email system sits on one server. If I had a front end email server and a back end email server (or even more servers) I would place on in the DMZ. My AV server is on the internal network too.
3 a squid proxy that internal hosts access
I have no real world experience with this one BUT I would tend to think you would place your proxy server on the inside of the network behind the firewall.
Hope this helps.
Attachment:
InterScan_Disclaimer.txt
Description:
Current thread:
- Host placement and DMZ internal/external questions. Adam T (Oct 14)
- Re: Host placement and DMZ internal/external questions. Micheal Espinola Jr (Oct 18)
- Re: Host placement and DMZ internal/external questions. phunked up! (Oct 18)
- Re: Host placement and DMZ internal/external questions. Devdas Bhagat (Oct 21)
- <Possible follow-ups>
- RE: Host placement and DMZ internal/external questions. amitk (Oct 18)