Security Basics mailing list archives

Re: Remote Desktop, DMZ

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 26 Apr 2007 14:29:40 +0200

On 2007-04-24 Edmund wrote:

A Remote-Desktop system should be placed within the DMZ, am I correct?


Yes. No. Maybe. 42.

Without knowing the requirements and your existing environment there is
no definitive answer to your question.

If that is the case, what if the Remote Desktop system requires access
to an application server; but, this application server cannot be
placed in the DMZ because LAN users also need access to it?


That wouldn't necessarily be a reason not to put the application server
into the DMZ. You can allow connections from the LAN to the DMZ without
violating the DMZ. Or you could put the application server into a second
DMZ and allow access to DMZ_2 from LAN and DMZ_1. Another option may be
to replicate the application server into the DMZ. But again, without
knowing both your environment and your requirements any recommendation
would be a mere blind guess.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Current thread:

Remote Desktop, DMZ Edmund (Apr 25)
- RE: Remote Desktop, DMZ Navroz Shariff (Apr 25)
- RE: Remote Desktop, DMZ Nick Vaernhoej (Apr 25)
- Re: Remote Desktop, DMZ Ansgar -59cobalt- Wiechers (Apr 26)
- RE: Remote Desktop, DMZ ragdelaed (Apr 26)