[clue-tech] Best practice network design?

Chris Wiegand cwiegand at signalbhn.org
Wed Jan 5 10:14:34 MST 2005


But even if you used a VPN, if your reason for putting the box in the DMZ is
that it has public services, and as such could theoretically be hacked, then
putting a VPN on it does nothing for security: if it got hacked, they
would just come in by VPN instead of through the open ports, and in fact the
VPN would probably give them more access unless you lock it down as well.
Opening the ports on the firewall, restricting them to just those ports and
src/dest IPs as needed, is probably more secure than just using a VPN, in my
humble opinion.


Chris Wiegand
Network Administrator / Programmer
Signal BHN
Ph: 303.639.9320 x1016 
-----Original Message-----
From: clue-tech-bounces at clue.denver.co.us
[mailto:clue-tech-bounces at clue.denver.co.us] On Behalf Of Jed S. Baer
Sent: Tuesday, January 04, 2005 3:52 PM
To: black at clapthreetimes.com; clue tech
Subject: Re: [clue-tech] Best practice network design?

On Tue, 4 Jan 2005 14:10:21 -0700 (MST)
Chris Schock wrote:

> My problem is this: I need to have a Windows server in the DMZ 
> authenticate users against the Windows Domain, but in order for this 
> to work I have to open every single blessed port Windows talks on to 
> make it work - making the DMZ completely useless.

Can you have your DMZ box use a VPN or something like that? It'd be only one
more port open on the firewall, for the VPN tunnel.

Maybe there's some Windoze user groups?
http://www.google.com/search?q=denver+microsoft+users+group&sa=++Google+Search++&lr=lang_en

jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E ... it
is poor civic hygiene to install technologies that could someday facilitate a
police state. -- Bruce Schneier
_______________________________________________
CLUE-tech mailing list
CLUE-tech at clue.denver.co.us
http://clue.denver.co.us/mailman/listinfo/clue-tech
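The thread above argues that a narrow port/address allow-list from the DMZ member server to the domain controller exposes less than an unfiltered VPN tunnel would if the DMZ box were compromised. The following is an added example, not code from any of the posters: it models both firewall policies and counts what a compromised DMZ host could reach under each. All addresses, host names and the probe list are constructed for the example; the port numbers are the standard Windows domain-member ports (Kerberos 88, LDAP 389, SMB 445, RPC endpoint mapper 135, DNS 53, NTP 123) and are an assumption about what "every port Windows talks on" boils down to, not something listed in the messages.

```python
"""Compare post-compromise reach of a DMZ host under two firewall policies.

Policy A: only the specific ports the DMZ member server needs, and only
          from the DMZ host to the domain controller (default deny).
Policy B: a VPN tunnel from the DMZ host that terminates on the internal
          LAN with no inner filtering, modelled as "any port, any host".

Addresses and hosts below are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port

    def matches(self, src: IPv4Address, dst: IPv4Address,
                proto: str, dport: int) -> bool:
        return (src in self.src and dst in self.dst
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


DMZ_HOST = ip_address("192.0.2.10")      # constructed: member server in the DMZ
DC = ip_address("10.0.0.5")              # constructed: domain controller
INTERNAL = ip_network("10.0.0.0/24")     # constructed: internal LAN

# Assumed set of ports a Windows domain member needs to reach its DC.
DOMAIN_PORTS = [("tcp", 88), ("udp", 88), ("tcp", 389), ("udp", 389),
                ("tcp", 445), ("tcp", 135), ("tcp", 53), ("udp", 53),
                ("udp", 123)]

# Policy A: DMZ host -> DC only, listed ports only, nothing else.
POLICY_A: List[Rule] = [
    Rule(ip_network(f"{DMZ_HOST}/32"), ip_network(f"{DC}/32"), proto, port)
    for proto, port in DOMAIN_PORTS
]

# Policy B: once the tunnel is up the firewall sees the DMZ host as able to
# reach any internal address on any port (no filtering inside the tunnel).
POLICY_B: List[Rule] = [
    Rule(ip_network(f"{DMZ_HOST}/32"), INTERNAL, "any", None)
]


def allowed(policy: Iterable[Rule], src: IPv4Address, dst: IPv4Address,
            proto: str, dport: int) -> bool:
    """First-match allow; anything not matched is dropped by default."""
    return any(r.matches(src, dst, proto, dport) for r in policy)


def reachable(policy: Iterable[Rule], src: IPv4Address,
              targets: Iterable[IPv4Address],
              probes: Iterable[Tuple[str, int]]) -> Set[Tuple[str, str, int]]:
    """Return every (host, proto, port) the source may connect to."""
    return {(str(t), proto, port)
            for t in targets for proto, port in probes
            if allowed(policy, src, t, proto, port)}


# Constructed probe set: two domain ports plus RDP and SQL Server, and
# two ordinary internal hosts next to the DC.
PROBES = [("tcp", 88), ("tcp", 445), ("tcp", 3389), ("tcp", 1433)]
TARGETS = [DC, ip_address("10.0.0.20"), ip_address("10.0.0.21")]


def exposure_after_compromise() -> Tuple[int, int]:
    """Number of (host, proto, port) pairs an attacker on the DMZ host gets
    under policy A versus policy B."""
    a = reachable(POLICY_A, DMZ_HOST, TARGETS, PROBES)
    b = reachable(POLICY_B, DMZ_HOST, TARGETS, PROBES)
    return len(a), len(b)


if __name__ == "__main__":
    n_a, n_b = exposure_after_compromise()
    print(f"narrow allow-list: {n_a} reachable services")
    print(f"unfiltered VPN:    {n_b} reachable services")
```

The point of the comparison is the second number: a tunnel that is only "one more port on the firewall" from the outside can still carry anything once it is up, so the lockdown has to be applied inside the tunnel (or on the DC side) to get back to the same exposure as the explicit allow-list.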