|
Domains do require a domain controller, but do NOT
require NETBEUI. TCP/IP alone will work just fine and the only reason to
use NETBEUI is for small unroutable networks.
An NT domain can span across subnets so create your
new subnet, and leave your domain structure as is. However, you WILL need
a WINS server since NETBIOS broadcasts can't cross routers.
----- Original Message -----
Sent: Tuesday, March 20, 2001 8:43
PM
Subject: Re: Beginners Guide to DMZs ??
Help! (NT domains)
Jesse,
Using a third interface in the PIX to create a DMZ will
give you better control over the accesses to the external servers including
the access you have for the Outlook Web Access. If you have control over
the router that connects you to the Internet you can install filters and other
security measures there too.
You
can use static NAT settings to map the server external address to internal
addresses, this is pretty straight forward.
As for your domain question, I'm no NT guru but why
would you set the DMZ servers up in a domain? Domains require things
like domain controllers and NetBEIU. Services and protocols you don't
really need but make great attack targets. Unless there is some kind of
authentication or trust you have to maintain why use a domain at all?
Less to maintain and less to worry about.
-- Bill Stackpole, CISSP
|
| "Jesse Rink"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
03/20/01 06:50 PM
|
To:
<[EMAIL PROTECTED]>
cc:
Subject: Beginners Guide to
DMZs ?? Help! (NT domains) |
Question #3 - I've heard the NT domain
used in the DMZ should be
different than the NT domain used in the
internal private network.
Though, the DMZ can be used as a resource
domain if necessary, but
not the other way around. Can you shed some
light?
Hmm.. Am I making any sense? haha.. please let me know
and keep any
answers as detailed as possible since I seem to be a bit lost
here.
THANK YOU SO MUCH.
|
