RE: [FW1] DMZ advantages
Once your DMZ box is compromised, the attacker now has a user account on your internal domain. It's that simple. If you're trying to convince a manager or other executive-type of the risks involved, put it to them just like that. They don't need a technical explanation, they just want the facts. And this is a pretty nasty fact. Granted, there are proper restrictions that can be put in place, but restrictions must be put in place by an admin, engineer, etc., and even us network guys make mistakes every once in a while!

Cheers
Keith

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, June 22, 2001 5:58 AM
To: [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] DMZ advantages

In practice, what risk do you see associated with allowing NBT (join domain), or SMTP for that matter, between your protected internal network and the protected DMZ, considering that NBT is not routable over the net and the second rule is explicit in allowing only the protected DMZ to the SMTP server? I know it's not ideal security-wise, but how does one convince managers about the risk involved?

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================