Nt
domains don�t need the NETBEUI protocol at all.
-----Mensaje original-----
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Enviado el: Martes, 20 de Marzo de 2001 10:43 p.m.
Para: [EMAIL PROTECTED]; [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Asunto: Re: Beginners Guide to DMZs ?? Help! (NT domains)
Jesse,
Using a third interface in the PIX to create a DMZ will give you better control over the accesses to the external servers including the access you have for the Outlook Web Access. If you have control over the router that connects you to the Internet you can install filters and other security measures there too.
You can use static NAT settings to map the server external address to internal addresses, this is pretty straight forward.
As for your domain question, I'm no NT guru but why would you set the DMZ servers up in a domain? Domains require things like domain controllers and NetBEIU. Services and protocols you don't really need but make great attack targets. Unless there is some kind of authentication or trust you have to maintain why use a domain at all? Less to maintain and less to worry about.
-- Bill Stackpole, CISSP
"Jesse Rink" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]03/20/01 06:50 PM
To: <[EMAIL PROTECTED]>
cc:
Subject: Beginners Guide to DMZs ?? Help! (NT domains)
Question #3 - I've heard the NT domain used in the DMZ should be
different than the NT domain used in the internal private network.
Though, the DMZ can be used as a resource domain if necessary, but
not the other way around. Can you shed some light?
Hmm.. Am I making any sense? haha.. please let me know and keep any
answers as detailed as possible since I seem to be a bit lost here.
THANK YOU SO MUCH.
