Hello all,
I'm trying to decide whether to connect my RAS server for remote employees in a DMZ environment or to allow it to connect to the internal segment. I'm not sure how much this will protect me since we are in a w2000 environment. Looks like this now:
-------------------
-Internal Net-
------------------- ------------- ------
---------eth1--------Firewall----------eth0-----------isp------------
------------- ------
Right now the Ras server is connected to the internal net and needs to be replaced. I inherited this machine and has way to many services running on it (file&print,exchange,trend virus scan) so I'm splitting it to multiple boxes. The RAS server is an access point that I'm not sure how to deal with. Part of my brain says put it in it's own dmz and lock the hell out of it but another part says that no one dials up to hack a standalone server? So what I'd like to know is should I do it as:
-------------------
-Internal Net-
------------------- ------------- ------
---------eth1--------Firewall----------eth0-----------isp------------
------------- ------
---------eth3-------/
------------------
-RasDMZ----
-----------------
What does the list think is best? While the costs involved are small, the admin overhead is always a problem since I'm the one who has to make sure it works day in and day out.
BTW. The FW is Checkpoint running on NT. (You should have seen it when I started, the NT OS wasn't even hardened!).
Michael Cessna
Systems Administrator
RealTime Media
308 Lancaster Ave.
Wynnewood, PA 19096
p.610-896-9400 x308
f.610-896-9416
[EMAIL PROTECTED]
www.realtimemedia.com
www.prizes.com
