I am expecting requests to install several NT servers (services unknown)
for public access. Of course, I would like to put them on the DMZ directly
off the firewall rather than leave them behind the firewall with everything
else, and I can't very well put them in front of the firewall. Since they
are NT servers, I would also like to put them all on one subnet and let
them fight it out when they get compromised, but that is not really a good
idea. Or is it?

What do people do when they have several groups of NT servers? I can put
several NT domains on one subnet, but the access rules differ - one group
wants only Citrix access, another group wants http and ftp, etc. By the
time I let all this stuff through to subnet X, I expect much of the
security would be lost. If I give each group their own subnet, I will run
out of physical ports and address space very quickly. How important is it
to protect groups of NT machines from each other? What is the usual
arrangement?

hermit1
***************************************************
This is an email. Don't rely on anything seen here
as being accurate without testing it yourself.
***************************************************