Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Management server placement

To: "'John Gesualdi'" <[email protected]>, fw <[email protected]>
Subject: RE: [FW1] Management server placement
From: "Little, Craig (SSI-SIAP-NP5)" <[email protected]>
Date: Wed, 6 Sep 2000 10:49:45 +1200
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John,

I used to have my management station in the protected network until I
ran into some routing problems with remote firewalls. In order to
solve the problems, I placed the MS in a DMZ. I have 3 DMZ's, and I
placed it in the most secure of those DMZ's. The problem with placing
it in an 'ordinary' DMZ with web servers, mail servers etc is that if
one of those machines becomes compromised, it is possible to launch
an attack from a compromised box to the management console. The DMZ I
placed the MS in only has Cisco routers which encrypt traffic with
other sites. The rules for that DMZ are very strict - only other
routers are allowed to talk to my Cisco's (known by IP), and only a
nominated GUI workstation is allowed to talk to the MS. This reduces
the possibility of someone getting access to the MS and compromising
your network.

Craig.


- -----Original Message-----
From: John Gesualdi [mailto:[email protected]]
Sent: Wednesday, 6 September 2000 12:52 a.m.
To: fw
Subject: [FW1] Management server placement






    Should the management server be on the internal network behind
the Firewall
module of should it be located on the DMZ network?

Thanks.



- --
John Gesualdi
The Providence Journal Company
PhonePagerCCDP,CCNP




======================================================================
==========
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
==========

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBObTPFoAS1Tpq5ZYvEQKQHgCg9uvuL+mdzaR7dYtPeBlSpmMvpuMAn3FX
pgN0cTuv31wcrwWnJsxSz+9Q
=wqIj
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Reporting module installation in StanAlone mode
Next by Date: SV: [FW1] Adding a new license
Previous by thread: [FW1] Management server placement
Next by thread: [FW1] Routing functionality
Index(es):
- Date
- Thread