Re: Webserver on a DMZ still needed?

["MandommGmail" <mandomm () gmail com>]

Normal networks are divided into LAN and DMZ.

Those stuff that you want the Internet to access, we normally put in DMZ, so 
that in the event that a server is hacked, only the particular network is 
exposed.

There are a few reasons why you want to put exchange on DMZ.
1) You want it public, maybe to use its webmail?
2) Even if you put Exchange on DMZ, you can still use the server as domain 
controller. Maybe some NAT or some firewall changes but I do not see any 
problem with that.

Anymore? I do not know. But I do not see any problem with shifting it to 
DMZ.

Alex

The reason
----- Original Message ----- 
From: "Davie Elliott - Eluse" <delliott () eluse co uk>
To: <security-basics () securityfocus com>
Sent: Sunday, September 03, 2006 7:42 PM
Subject: Webserver on a DMZ still needed?


> Hi all,
>
> I have been working as a systems admin for a charity for about 3 years, I
> have no schooling in network I have learnt everything myself. During my
> research I read that servers with public services should be put on a
> separate subnet which is used as a DMZ (such as POP3, SMTP, webserver 
> ect).
>
> Recently I have left that charity and a network company is taking over the
> administration, and they want to put the Exchange (email) server on the
> trusted network subnet (the network has a smoothwall firewall, so there 
> are
> literally 2 separate networks). My question is this: does the Exchange
> server definatly, need to be put in the DMZ? Or should Microsoft have
> patched all the vulnerabilities by now? There isn't any other software on
> the server, such as forums which I see have vulnerabilities found just 
> about
> ever day.
>
> Secondly, if the Exchange server is on the DMZ subnet, how do you get it 
> to
> interact securely with the Domain Controller on the secure subnet? When I
> built the network, I made the Exchange server its own Domain Controller.
>
> Thanks for your advice,
>
> Davie Elliott
>
>
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec 
> management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed 
> degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------