Definitely. The purpose of a DMZ is to provide an area at a specified security level that is less secure than the internal network, but more than the public network. That way desired services can be delivered from the DMZ, but are secured as much as possible, while the internal network is protected if the DMZ is compromised.
That said, I've never seen a need to put a workstation in a DMZ. Services should generally be placed on servers, which are protected by locking down everything not absolutely needed and placed in the DMZ.

Darin.

----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, April 04, 2005 3:09 PM
Subject: RE: [IMail Forum] OT: Web/Mail Server in a Windows Domain

> I agree with Darrel, that it is dangerous to have servers and workstations
> in the DMZ.

Although this will solicit different responses from different people based upon their view of Windows OS, the blanket statement that it is dangerous to use a DMZ is blatantly false. Enterprise class corporations around the globe use DMZ zones safely and securely all the time regardless of the OS in use, whether nix, Windows, Sun or even MAC. If this were not true, why would Enterprise class firewalls such as Cisco, Sonicwall, Checkpoint and others actively support DMZ zones and their use? As it is, the best practices for an Exchange server farm including FE/BE dictates that the FE servers are in a DMZ and the BE in the LAN, sometimes connected using VPNs.

Likewise, domains are used in the DMZ quite frequently. IMO, it makes administration of them easier. I do always recommend that the DMZ be in a separate domain for security.

What it does all boil down to is the diligence and knowledge of those responsible for the DMZ and its configuration. (Meaning from the implementer to the policy creator to the CEO.)

John T
eServices For You

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
