Security Basics mailing list archives

RE: Host placement and DMZ internal/external questions.

From: amitk () ingvysyabank com
Date: Wed, 19 Oct 2005 00:39:33 +0530

Hi Adam,

2 antivirus mail gateway servers / Antivirus update server does that
sit on your DMZ ?


    I have one design which might help you to understand.... You can
implement dual-level security for Emails i.e. AV Mail Gateway and Spam
filter (in-depth mail filters).... For this, I have suggested in my previous
company that they can use TrendMicro IMSS (InterScan Messaging Security
Suite) as a AV Mail Gateway and use Symantec Mail Security or spamassassins
(Linux) for Spam filters.... 

    Your AV update server has to remain in DMZ as this might get some virus
itself....

         

Regards, 
Amit Kothari


  _____  

(iGATE Infrastructure Management Services | http://www.igate.com) 

 

 



-----Original Message-----
From: phunked up! [mailto:phunkodelic () gmail com]
Sent: Monday, October 17, 2005 9:42 PM
To: Adam T
Cc: security-basics () securityfocus com
Subject: Re: Host placement and DMZ internal/external questions.

1 if you have a host such as citrix that must have access to the
internal network does that sit on your DMZ?


If you are running Citrix and want remote access you should deploy
Citrix Secure Gateway as it is free (less the cost of a small windows
server)  and comes with Citrix.  Yes this secure gateway should be put
in the DMZ as it is in my network.


2 antivirus mail gateway servers / Antivirus update server does that
sit on your DMZ ?


I currently have them on my internal network sitting behind my PIX.  I
run a small 200+ node network though.  If I were looking at a bigger
network I might be tempted to move part of the email system to the
DMZ.  My email system sits on one server.  If I had a front end email
server and a back end email server (or even more servers) I would
place on in the DMZ.  My AV server is on the internal network too.


3 a squid proxy that internal hosts access


I have no real world experience with this one BUT I would tend to
think you would place your proxy server on the inside of the network
behind the firewall.

Hope this helps.

Attachment: InterScan_Disclaimer.txt
Description:

Current thread:

Host placement and DMZ internal/external questions. Adam T (Oct 14)
- Re: Host placement and DMZ internal/external questions. Micheal Espinola Jr (Oct 18)
- Re: Host placement and DMZ internal/external questions. phunked up! (Oct 18)
- Re: Host placement and DMZ internal/external questions. Devdas Bhagat (Oct 21)
- <Possible follow-ups>
- RE: Host placement and DMZ internal/external questions. amitk (Oct 18)