> I agree with Darrel, that it is dangerous to have servers and workstations > in the DMZ.
Although this will solicit different responces from different people based upon their view of Windows OS, the blanket statement that it is dangerous to use a DMZ is blatantly false. Enterprise class corporations around the global use DMZ zones safely and securely all the time irregardless of the OS in use, whether nix, Windows, Sun or even MAC. If this were not true, why would Enterprise class firewalls such as Cisco, Sonicwall, Checkpoint and others actively support DMZ zones and there use? As it is, the best practices for an Exchange server farm including FE/BE dictates that the FE servers are in a DMZ and the BE in the LAN, sometimes connected using VPNs. Likewise, domains are used in the DMZ quite frequently. IMO, it makes administration of them easier. I do always recommend that the DMZ be in a separate domain for security. What it does all boil down to is the diligence and knowledge of those responsible for the DMZ and its configuration. (Meaning from the implementer to the policy creator to the CEO.) John T eServices For You To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
