Security Basics mailing list archives
Re: Remote Desktop, DMZ
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 26 Apr 2007 14:29:40 +0200
On 2007-04-24 Edmund wrote:
A Remote-Desktop system should be placed within the DMZ, am I correct?
Yes. No. Maybe. 42. Without knowing the requirements and your existing environment there is no definitive answer to your question.
If that is the case, what if the Remote Desktop system requires access to an application server; but, this application server cannot be placed in the DMZ because LAN users also need access to it?
That wouldn't necessarily be a reason not to put the application server into the DMZ. You can allow connections from the LAN to the DMZ without violating the DMZ. Or you could put the application server into a second DMZ and allow access to DMZ_2 from LAN and DMZ_1. Another option may be to replicate the application server into the DMZ. But again, without knowing both your environment and your requirements any recommendation would be a mere blind guess. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Remote Desktop, DMZ Edmund (Apr 25)
- RE: Remote Desktop, DMZ Navroz Shariff (Apr 25)
- RE: Remote Desktop, DMZ Nick Vaernhoej (Apr 25)
- Re: Remote Desktop, DMZ Ansgar -59cobalt- Wiechers (Apr 26)
- RE: Remote Desktop, DMZ ragdelaed (Apr 26)