Tony,

You should be fine. There is only so much you can do if you have a limited budget. You only open the needed ports, which are port 25 and 110. I wouldn't worry too much about your security at home.

I am glad I could answer some of your questions.

John Shi

-----Original Message-----
From: Woods, Tony MHR:EX [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:25 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ

Hi John,

I have Port Forwarding for SMTP and POP3, but that's it. Internal DNS has all the internet Domain Name Servers in the DNS config so I think I'm pretty safe then, hey? I know nothing is 100% secure but...

Thanks again for any input

Cheers,
Tony

-----Original Message-----
From: John Shi [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:14 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ

Tony,

I am more focused on the corporate network. When you talk about security, there is no 100% security. More or less, you are exposing some risk to the outside. On your Linksys, do you open all traffic to your server? You might want to open the ports that are needed for your server to talk to the outside. In your situation, your DNS does not even do any zone transfer. You basically use your internal DNS for name resolution. You actually use your secondary DNS for Internet domain name resolution.

Suggestions:

1. If you need to do zone transfer, make sure you only open the needed UDP port for DNS zone transfer.
2. Make sure your server is not quite open for attack. Go to the advanced property to open only the necessary port to whatever service you need.

John Shi

-----Original Message-----
From: Woods, Tony MHR:EX [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:03 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ

Question then,

I have a small AD network at home and behind a Linksys firewall with one external IP. I have the one internal server hosting AD, DNS, DHCP... Etc. On the server, I have the Primary DNS pointing to itself and the secondary DNS pointing to the ISP. All internal machines receive DHCP with only the one DNS setting for the internal server. I can surf from any machine.

Am I exposing anything at risk in this scenario?

Cheers,
Tony

-----Original Message-----
From: John Shi [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 10:52 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ

I think it should be ok. Cisco suggests putting DNS on the DMZ. If you put the DNS in the inside network, then you would need to create a static access-list on your firewall/router to allow the DNS traffic to go out and come in. When you have a static access list for incoming traffic to come into your inside network, you are exposing your inside network to the outside. That is why it is good to put your DNS in the DMZ. By default, a Cisco firewall does not allow DMZ traffic to come into the inside network unless you specifically state it. You can configure other firewalls to do so as well. You basically allow inside to go to DMZ, but not the other way around for security reasons.

John Shi

-----Original Message-----
From: Morgan, Joshua [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 6:18 AM
To: NT 2000 Discussions
Subject: Sort of OT: DMZ

I have an Exchange Box in my DMZ running SMTP and OWA.... Are there any known problems with hosting DNS on it?

Joshua Morgan
PROFITLAB
Senior Network Engineer
PH: (864) 250-1350 Ext 133
Fax: (413) 581-4936
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info

The greatest glory is not in never failing, but in rising up every time we fall.
-- Confucius

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
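
The zone policy described in the thread (inside may reach the DMZ but not the reverse, and a static inbound rule to the inside exposes the inside network), as an added example that is not part of the original messages. The zone trust levels, host names and rule sets are constructed assumptions in a simplified model, not a real firewall configuration.

```python
# Simplified three-zone firewall model (added example; zone levels, host
# names and rule layout are assumptions, not taken from the thread).
from dataclasses import dataclass

LEVEL = {"outside": 0, "dmz": 50, "inside": 100}  # higher = more trusted


@dataclass(frozen=True)
class Permit:
    """Explicit exception letting a less trusted zone reach one service."""
    src_zone: str
    dst_zone: str
    dst_host: str
    proto: str
    port: int


def allowed(src_zone, dst_zone, dst_host, proto, port, permits):
    # Default: traffic from a more trusted zone to a less trusted one passes.
    if LEVEL[src_zone] > LEVEL[dst_zone]:
        return True
    # Otherwise it is dropped unless an explicit permit matches exactly.
    return Permit(src_zone, dst_zone, dst_host, proto, port) in permits


def inside_exposure(permits):
    """Inside services that a less trusted zone can reach, sorted."""
    return sorted(
        (p.src_zone, p.dst_host, p.proto, p.port)
        for p in permits
        if p.dst_zone == "inside" and LEVEL[p.src_zone] < LEVEL["inside"]
    )


# Layout A (constructed): DNS server on the inside network, published outward.
dns_inside = {
    Permit("outside", "inside", "dns1", "udp", 53),
    Permit("outside", "dmz", "mail1", "tcp", 25),
}
# Layout B (constructed): DNS moved to the DMZ next to the mail host.
dns_in_dmz = {
    Permit("outside", "dmz", "dns1", "udp", 53),
    Permit("outside", "dmz", "mail1", "tcp", 25),
}

if __name__ == "__main__":
    for name, permits in (("DNS inside", dns_inside), ("DNS in DMZ", dns_in_dmz)):
        print(name, "->", inside_exposure(permits) or "no inside service exposed")
```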
