
Re: [FW1] DMZ advantages



Set up a REMBO server out of band.
Set up your bastions to be imaged/reimaged under the control of the REMBO server.
If you are compromised, you have incremental partition images to choose from.

The only problem is that it is complicated to set up something like this and the bastions
cannot perform their functions while being imaged.

REMBO has cross-platform support.

If you want a cheap Win32 method that is all manual, then you could just use Ghost.
Slap in a hot-plug Ghost volume, reboot, Ghost image, remove drive, reboot...
Then you can take the image elsewhere to be backed up by whatever system you
choose.

Adding a bastion/DMZ server to your domain seems like a REALLY bad idea to me.
Funny, I can't think of any reasons why.....heh

----- Original Message ----- 
From: "McCammon, Keith" <[email protected]>
To: <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>
Sent: Monday, June 25, 2001 9:21 AM
Subject: RE: [FW1] DMZ advantages


> 
> Once your DMZ box is compromised, the attacker now has a user account on
> your internal domain.  It's that simple.  If you're trying to convince a
> manager or other executive-type of the risks involved, put it to them just
> like that.  They don't need a technical explanation, they just want the
> facts.  And this is a pretty nasty fact.  Granted, there are proper
> restrictions that can be put in place, but restrictions must be put in place
> by an admin, engineer, etc., and even us network guys make mistakes every
> once in a while!
> 
> Cheers
> 
> Keith
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, June 22, 2001 5:58 AM
> To: [email protected]; [email protected];
> [email protected]
> Subject: RE: [FW1] DMZ advantages
> 
> 
> 
> In practice, what risk do you see associated with allowing NBT (join domain)
> or smtp for that matter between your protected internal network and the
> protected DMZ, considering that NBT is not routable over the net and the
> second rule is explicit in allowing only the protected DMZ to the smtp server?
>
> I know it's not ideal security-wise, but how does one convince managers about
> the risk involved?
> 
> 
> -- 
> Get your firstname@lastname email for FREE at http://Nameplanet.com/?su
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
> 
> 
> 



   All contents © 2004 Network Presence, LLC. All rights reserved.