RE: [FW1] DMZ advantages
Basically, if anybody can exploit a host in your DMZ they can now have access to shares in your internal networks over the NBT connection you've got between your DMZ and your internal networks.

As far as the SMTP is concerned, if you want to receive email from external you have to allow some form of mail protocol in, either directly or indirectly through a DMZ connection to the inside, and I certainly much prefer the idea of the DMZ being the drop-off point for external email first, then directly routing to the inside.

Just my $.02.

Kevin Martin
Bank of America
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, June 22, 2001 4:58 AM
To: [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] DMZ advantages

In practice, what risk do you see associated with allowing NBT (join domain), or SMTP for that matter, between your protected internal network and the protected DMZ, considering that NBT is not routable over the net and the second rule is explicit in allowing only the protected DMZ to the SMTP server? I know it's not ideal security-wise, but how does one convince managers about the risk involved?

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================