:-) Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx] Sent: Thursday, July 10, 2003 4:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD in DMZ http://www.ISAserver.org At 01:46 PM 7/10/2003, you wrote: >http://www.ISAserver.org > >Hi Brian, > >You use RRAS packet filters and IPSec Policies to create a LAT-based DMZ. >But remember, its NOT a real DMZ if you put private assets into it. Its >like me putting my ex-mother in law in the Korean DMZ. Hmmm. well, that's >not the best analogy, but you know what I mean. A DMZ is design as an >entirely separate and distinct security zone that if compromise has no >effect on your protected assets. Extending the private network's security >zone into the DMZ entirely breaks the underpinnings of the DMZ concept. At >that point all you have is a "screened subnet", not a DMZ. > Don't you WANT to put your ex-mother-in-law in the Korean DMZ? :-p t ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')