http://www.blackhat.com/presentations/win-usa-01/Shultz-LeBlanc/w2k-01-shultz-leblanc-Foiling-JD.ppt
http://searchwin2000.techtarget.com/searchWin2000/downloads/Implementing_a_Secure_ISA_Server.ppt
http://www.xinetica.com/tech_explained/general/hacking_dmz/wp_hacking_dmz.htm
http://www.lbl.gov/ICSD/Security/guidelines/iis-server.html
If it was as easy and secure as mapping drives from internal to DMZ, don’t you think everyone would be doing that?
Mapped drives require shares. Shares are easy and frequent targets. (I am sure you are not mapping to default $.) A mapped drive, if I am not mistaken, is an always available connection. That would seem to be inviting a hack.
If it is so easy for you to set it up, that translates into easy for someone else to do the same, does it not?
Of course, I could be way off base, being that I am still green, having only been in Networking for about 1 � years now.
I am sure someone else can clear the air.
John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA 92835 714-578-7999, ext. 104
-----Original Message-----
Maybe I'm missing something - not sure how it'd be "asking for trouble".
NetBIOS is enabled from LAN to DMZ. Disabled everywhere else. Default rules from WAN are disallow, only a few services opened up in rules.
Machines in DMZ can't map drives back out to LAN, only from LAN can map a drive. Machines in DMZ are standalone servers, not part of the domain, no accounts anywhere even close to any accounts on the domain in the LAN. Passwords are all 15-character randomly generated alphanumeric with other printable characters thrown in.
Don't need an LMHOSTS file because I've got static entries in my WINS servers for machine names / IPs in the DMZ that the LAN clients leverage for name lookups to the external addresses.
If I'm missing something obvious, please point out the trees for the forest to me. :)
J
-----Original Message-----
NetBIOS enabled in the DMZ? Is that asking for trouble?
Why not use a LMHOSTS file instead?
John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
-----Original Message-----
Just thought I'd update this - using Veritas Backup Exec 8.5, I am able to go from a machine internally on the LAN to a machine in the DMZ. I have static entries in my WINS database for my DMZ machines with their public IPs so the internal clients can get at them via name, and NetBIOS is enabled from LAN to DMZ.
J
-----Original Message-----
Is anyone backing up a server on the DMZ through the firewall on the LAN? How?
Jason Alba IT Manager tel: 208.232.8599 x323 fax: 208.232.6068 http://www.varsitycontractors.com
