RE: E2k -in the DMZ segment !

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Aug 2003 09:37:21 -0700

A DMZ is a zone/subnet that is segregated from the rest of the network. It
is accusable from the Internet. Having servers in the DMZ serving as
gateways is called FrontEnd/BackEnd, and is very common. The Internet sees
only the server in the DMZ.

 

Please see my response on the ISA board.

 

I think it is time to start doing some reading, and also explain what it is
you are trying to accomplish. We can then suggest the best way to do that.

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: Andrey Silkin [mailto:silkin@xxxxxx] 
Sent: Friday, August 22, 2003 7:04 AM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !

 

http://www.MSExchange.org/

I think that configuration you described is not original DMZ because  your
servers functions like

gateways - in this situation we don't have a possibility to isolate Internet
traffic . 

 

But can you help me ? I have a subnet of public ip-addresses (something like
195.42.182.128/28 ).

How can I configure my DMZ ? Do I must to subnet this network ?

 

 

Best Regards

Andrey Silkin

 

 

-----Original Message-----
From: Stelley, Douglas [mailto:dstelley@xxxxxxx] 
Sent: Friday, August 22, 2003 5:57 PM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !

 

http://www.MSExchange.org/

Why do you say that? Whats not in the DMZ?

-----Original Message-----
From: Andrey Silkin [mailto:silkin@xxxxxx] 
Sent: Friday, August 22, 2003 9:52 AM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !

http://www.MSExchange.org/

It is interesting but this is not DMZ .. I think

 

-----Original Message-----
From: Stelley, Douglas [mailto:dstelley@xxxxxxx] 
Sent: Friday, August 22, 2003 5:42 PM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !

 

http://www.MSExchange.org/

That's we we did, we use a couple of servers in the DMZ that are gateways.
Using this configuration, we aslo installed GFI Security & Essentials. We
protect our server from outside access & block spam/viruses at the same time
while allowing the Exchange server resources down to a manageable level.

-----Original Message-----
From: Andrey Silkin [mailto:silkin@xxxxxx] 
Sent: Friday, August 22, 2003 9:32 AM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !

http://www.MSExchange.org/

Thank you Neil , but what do you think about the installation of IIS SMTP
service ?

I can configure this like smart-host . How do you think is this
configuration more secure ?

 

Best Regards 

Andrey Silkin

 

-----Original Message-----
From: Neil Hobson [mailto:Neil.Hobson@xxxxxxxxxxxxxxxxx] 
Sent: Friday, August 22, 2003 4:48 PM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !

 

http://www.MSExchange.org/

Why do that?  You'll have to poke so many holes in the firewall, it'll
resemble Swiss cheese.  That's really not a good configuration if security
is important to you.

 

Neil

 


  _____  


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
silkin@xxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

Confidentiality Notice: The information contained in this message may be
legally privileged and confidential information intended only for the use of
the individual or entity named above. If the reader of this message is not
the intended recipient, or the employee or agent responsible to deliver it
to the intended recipient, you are hereby notified that any release,
dissemination, distribution, or copying of this communication is strictly
prohibited. If you have received this communication in error please notify
the author immediately by replying to this message and deleting the original
message. Thank you.

Other related posts: