Which one did you join? Swynk or Sunbelt?

-----Original Message-----
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 7:25 PM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


Oh, I am joined, just have not revisited this one for a while. I am still a
firm believer with 5.5 that it is OWA in DMZ and Exchange internal. As we
have yet to move to 2000 I haven't been hanging out there a lot lately.

Got a thread name on the Exchange list I can peruse? (I've got a month's
worth of emails to search through :-) )

cheers
Dean


-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 June 2002 1:29 p.m.
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


You could pull off a pretty decent exploit that way.
You guys should join the Exchange server list. We get into this discussion
about once every week.

-----Original Message-----
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 4:35 PM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


explain "all bets are off"

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 June 2002 7:20 a.m.
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


You would need to have ports 135, 1225, and 1226
Port 135 is the RPC End Point Mapper. Once that is open, all bets are off.

-----Original Message-----
From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 11:22 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


I only have 2 ports open between the DMZ and the "Real World" and only 3
ports open between DMZ and Inside... Why such a security risk?






Joshua Morgan
PH: (864) 250-1350 Ext 133
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info


-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 2:20 PM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


You couldn't be putting the server at too much more risk after putting
Exchange out there already. The ports that have been opened between the DMZ
and the LAN have pretty much negated the security of the DMZ by now.

-----Original Message-----
From: John Shi [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 11:14 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


Tony,

I am more focused on the corporate network. When you talk about security,
there is no 100% security. More or less, you are exposing some risk to the
outside. On your Linksys, do you open all traffic to your server? You might
want to open only the ports that are needed for your server to talk to the
outside.

In your situation, your DNS does not even do any zone transfer. You
basically use your internal DNS for name resolution. You actually use your
secondary DNS for Internet domain name resolution. 

Suggestions:
1. If you need to do zone transfers, make sure you only open the needed UDP
   port for DNS zone transfer.
2. Make sure your server is not quite open for attack. Go to the advanced
   properties to open only the necessary ports for whatever service you need.

John Shi

-----Original Message-----
From: Woods, Tony MHR:EX [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:03 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


Question then: I have a small AD network at home, behind a Linksys
firewall with one external IP. I have the one internal server hosting AD,
DNS, DHCP... etc. On the server, I have the primary DNS pointing to itself
and the secondary DNS pointing to the ISP. All internal machines receive
DHCP with only the one DNS setting for the internal server. I can surf from
any machine. Am I exposing anything to risk in this scenario?

Cheers,
Tony

-----Original Message-----
From: John Shi [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 10:52 AM
To: NT 2000 Discussions
Subject: RE: Sort of OT: DMZ


I think it should be OK. Cisco suggests putting DNS on the DMZ.

If you put the DNS in the inside network, then you would need to create a
static access-list on your firewall/router to allow the DNS traffic to go
out and come in. When you have a static access list for incoming traffic to
come into your inside network, you are exposing your inside network to the
outside. That is why it is good to put your DNS in the DMZ. By default, a
Cisco firewall does not allow DMZ traffic to come into the inside network
unless you specifically state it. You can configure other firewalls to do so
as well.

You basically allow inside to go to DMZ, but not the other way around, for
security reasons.

John Shi
 
-----Original Message-----
From: Morgan, Joshua [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 6:18 AM
To: NT 2000 Discussions
Subject: Sort of OT: DMZ


I have an Exchange box in my DMZ running SMTP and OWA... Are there any known
problems with hosting DNS on it?






Joshua Morgan
PROFITLAB
Senior Network Engineer
PH: (864) 250-1350 Ext 133
Fax: (413) 581-4936
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info

The greatest glory is not in never failing, but in rising up every time we
fall.
-- Confucius 


------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%


**********************************************************************
This email is not an official statement of the Waikato
Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
**********************************************************************
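
The zone policy argued over in this thread (inside may reach the DMZ, the DMZ may not initiate to inside, and port 135 from the DMZ to inside is the worst case) can be checked mechanically against a list of permit rules. The following is an added example, not part of the original thread; the `Permit` type, the severity labels and the sample rule sets are constructed, and ports 25, 80 and 53 are assumptions, while 135, 1225 and 1226 are the ports named in the thread.

```python
from dataclasses import dataclass

RPC_ENDPOINT_MAPPER = 135                      # port named in the thread
TRUST = {"outside": 0, "dmz": 1, "inside": 2}  # higher = more trusted

@dataclass(frozen=True)
class Permit:
    src: str    # zone that initiates the connection
    dst: str    # zone that receives it
    proto: str
    port: int

def audit(permits):
    """Return (severity, permit, reason) for each permit that lets a
    less trusted zone open connections into the inside network."""
    findings = []
    for p in permits:
        if p.dst != "inside" or TRUST[p.src] >= TRUST[p.dst]:
            continue  # inside->dmz, dmz->outside, outside->dmz are not paths into inside
        if p.src == "dmz" and p.port == RPC_ENDPOINT_MAPPER:
            findings.append(("critical", p, "DMZ reaches the RPC endpoint mapper on inside"))
        elif p.src == "dmz":
            findings.append(("high", p, "DMZ host may initiate to inside"))
        else:
            findings.append(("high", p, "static permit from outside to inside"))
    return findings

def dmz_isolated(permits):
    """True when no permit lets the DMZ initiate traffic to inside."""
    return not any(p.src == "dmz" and p.dst == "inside" for p in permits)

# Constructed rule sets for the three layouts discussed in the thread.
EXCHANGE_IN_DMZ = [
    Permit("outside", "dmz", "tcp", 25),    # assumed SMTP
    Permit("outside", "dmz", "tcp", 80),    # assumed OWA
    Permit("dmz", "inside", "tcp", 135),
    Permit("dmz", "inside", "tcp", 1225),
    Permit("dmz", "inside", "tcp", 1226),
]
DNS_IN_DMZ = [Permit("outside", "dmz", "udp", 53), Permit("inside", "dmz", "udp", 53)]
DNS_INSIDE = [Permit("outside", "inside", "udp", 53)]

if __name__ == "__main__":
    layouts = {"exchange in dmz": EXCHANGE_IN_DMZ, "dns in dmz": DNS_IN_DMZ, "dns inside": DNS_INSIDE}
    for name, rules in layouts.items():
        print(name, "- dmz isolated:", dmz_isolated(rules))
        for sev, p, why in audit(rules):
            print(f"  {sev:8} {p.src}->{p.dst} {p.proto}/{p.port}: {why}")
```
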

