NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] DMZ advantages



Once your DMZ box is compromised, the attacker now has a user account on
your internal domain.  It's that simple.  If you're trying to convince a
manager or other executive-type of the risks involved, put it to them just
like that.  They don't need a technical explanation, they just want the
facts.  And this is a pretty nasty fact.  Granted, there are proper
restrictions that can be put in place, but restrictions must be put in place
by an admin, engineer, etc., and even us network guys make mistakes every
once and a while!

Cheers

Keith

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, June 22, 2001 5:58 AM
To: [email protected]; [email protected];
[email protected]
Subject: RE: [FW1] DMZ advantages



In practise, What risk do you see associated with allowing NBT(join domain)
or 
smtp for that matter between your protected internal network and the
protected 
DMZ, considering that NBT is not routable over the net and the second rule
is 
explicit in allowing only the protected DMZ to the smtp server. 

I know its not ideal security wise, but how does one convince managers about

the risk involved.


-- 
Get your firstname@lastname email for FREE at http://Nameplanet.com/?su


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.