RE: Staging Web Server

• From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 25 Mar 2002 17:22:57 -0600

Hi Joseph,

So, if the Web server on the DMZ is compromised (its supposed to be,
it's a bastion host!), then they could access the staging server. If
they compromise the staging server, then they have direct access to the
internal network. Right?

Thanks!

Tom

-----Original Message-----
From: Joseph [mailto:cismic@xxxxxxx] 
Sent: Monday, March 25, 2002 5:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Staging Web Server

http://www.ISAserver.org


Hi Tom,

EXTERNAL ISA 2 NIC cards

WEB Server 1 NIC card (would like 2)

INTERNAL ISA 2 NIC cards

STAGING Server will have 2 NIC cards with only one going to the
Web Server located in the DMZ.

Does this extra info help?

Thank you,

Joseph

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, March 25, 2002 3:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Staging Web Server

http://www.ISAserver.org


Hi Joseph,

I looked at the graphic you sent about your dual homed staging Web
server. Its looks like its got an interface on the DMZ and another
interface on the internal network. Is that right? Or, do you have two
interfaces on the "internal" ISA Server, both of them on the DMZ
network? 

If it's the former, I think that's not a top security config, because
even if IP routing isn't enabled on the staging server, someone with
control of the staging server will still have direct access to your
internal network.

HTH,
Tom
www.isaserver.org/shinder


 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Staging Web Server
• » RE: Staging Web Server
• » RE: Staging Web Server
• » RE: Staging Web Server
• » RE: Staging Web Server
• » RE: Staging Web Server

1. Home
2. isalist
3. Archive
4. 03-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---