Title: RE: [ActiveDir] OT?

Curious.. I notice all the MS docs for ISA and proxy say to do it with 2 NICs.. And you can't do any packet filtering or stateful inspection with one NIC in the server.

I've also found Linux proxy documentation showing the same thing.

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 04, 2002 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT?


Because the 2 NIC solution results in a box bridging your firewall. In other words, your firewall is no longer the only path between your internal and external networks.

That's generally a bad idea.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


> -----Original Message-----
> From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 04, 2002 10:06 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] OT?
>
>
> Can you explain why?
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 04, 2002 9:04 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT?
>
>
> You were told correctly.
>
> One NIC in the DMZ is the better choice.
>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
>
> > -----Original Message-----
> > From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 04, 2002 9:55 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: [ActiveDir] OT?
> >
> >
> > I dunno if this is off topic..
> > but which is more secure?
> > a proxy (or ISA server), with 1 NIC in a DMZ, or a server
> > with 2 NICs .. one in the DMZ, one on the internal LAN..
> > internal NIC has no default gateway.
> > External NIC has WINS, SERVER service, Workstation service
> > unbound from the NIC.
> > 
> > I'm told a dual NIC'd proxy is a hole in the firewall.
> >
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/