Title: RE: [ActiveDir] OT?
Yes ... just have to make sure the box isn't routing between the NICs.  However, realize that if the box is compromised, so is your internal network since you've bypassed your firewall with the multi-NIC configuration.  Make sure your proxy directs its internal traffic to the firewall to help block some of what makes it through.

-----Original Message-----
From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 04, 2002 10:40 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT?

Curious.. I notice all the MS docs for ISA and proxy say to do it with 2 NICs.. And you can't do any packet filtering or stateful inspection with one NIC in the server.

I've also found Linux proxy documentation showing the same thing.

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 04, 2002 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT?


Because the 2 NIC solution results in a box bridging your firewall. In other words, your firewall is no longer the only path between your internal and external networks.

That's generally a bad idea.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


> -----Original Message-----
> From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 04, 2002 10:06 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] OT?
>
>
> Can you explain why?
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 04, 2002 9:04 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT?
>
>
> You were told correctly.
>
> One NIC in the DMZ is the better choice.
>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
>
> > -----Original Message-----
> > From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 04, 2002 9:55 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: [ActiveDir] OT?
> >
> >
> > I dunno if this is off topic..
> > but which is more secure?
> > a proxy (or isa server), with 1 NIC in a DMZ,   or a server
> > with 2 NICs .. one in the DMZ, one on the internal LAN..
> > internal NIC has no default gateway.
> > External NIC has WINS, SERVER service, Workstation service
> > unbound from the NIC.
> > 
> > I'm told a dual-NIC'd proxy is a hole in the firewall.
> >
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
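
Two conditions raised in this thread, that a dual-NIC proxy must not route between its NICs and that the internal NIC has no default gateway, can be checked mechanically. The following is an added example, not part of the original thread: it assumes a Linux proxy (the thread centres on ISA), hypothetical interface names `eth0` (DMZ) and `eth1` (internal), and constructed `sysctl -a` and `ip route` output.

```python
import re

# Constructed sample output for a dual-homed Linux proxy
# (assumed names: eth0 = DMZ NIC, eth1 = internal LAN NIC).
SYSCTL_SAMPLE = """\
net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv6.conf.all.forwarding = 0
"""
ROUTE_SAMPLE = """\
default via 192.0.2.1 dev eth0
default via 10.0.0.1 dev eth1 metric 200
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.10
"""

# Keys that control unicast forwarding, globally or per interface.
FORWARD_KEY = re.compile(
    r"^net\.(ipv4\.ip_forward|ipv[46]\.conf\.[^.\s]+\.forwarding)$")

def forwarding_findings(sysctl_text):
    """Return the sysctl keys that leave packet forwarding enabled."""
    findings = []
    for line in sysctl_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and FORWARD_KEY.match(key.strip()) and value.strip() != "0":
            findings.append(key.strip())
    return findings

def default_route_findings(route_text, internal_ifaces):
    """Return internal interfaces that carry a default route."""
    findings = []
    for line in route_text.splitlines():
        fields = line.split()
        if fields[:1] == ["default"] and "dev" in fields[:-1]:
            iface = fields[fields.index("dev") + 1]
            if iface in internal_ifaces and iface not in findings:
                findings.append(iface)
    return findings

def audit(sysctl_text, route_text, internal_ifaces):
    """Collect both checks into one report dictionary."""
    return {
        "forwarding_enabled": forwarding_findings(sysctl_text),
        "internal_default_routes": default_route_findings(route_text, internal_ifaces),
    }

if __name__ == "__main__":
    print(audit(SYSCTL_SAMPLE, ROUTE_SAMPLE, {"eth1"}))
```

An empty report only shows that the kernel is not forwarding packets; a proxy process that is compromised can still reach both networks, which is the risk the replies describe.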