Hello Ed, you know you and I will never agree on this :-) Your assuming that any compromise is worried about attacking domain controllers. Code red and alike did not give a hoot about DC's all it was concerned about was a buffer overrun in IIS. Betcha dollars to donuts there are a hellovalota unpatched webservers internal on peoples LANS compared to DMZs.
>>> [EMAIL PROTECTED] 22/07/2004 9:27:14 a.m. >>> Big deal. If it's compromized in the DMZ, they have access to domain controllers. If putting front-end servers in the DMZ makes you feel better, than so be it. That feeling doesn't mean that you're any safer. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Cunningham Sent: Wednesday, July 21, 2004 2:00 PM To: Exchange Discussions Subject: RE: DMZ ports for Front End Server You'll never convince me to do that ;-) if the FE is compromised, so is your whole network. At lease with it in the DMZ, you have some control over the ports and addresses it can connect internally to. What persuaded you to change? >>> [EMAIL PROTECTED] 22/07/2004 7:10:36 a.m. >>> It is not really THAT many ports, but we had these discussions here a bunch ot times and came to a conclusion that front-end in DMZ would not be a good thing to do. I actually used to be for the DMZ idea in the past but got persuaded to change my mind. If you still want to explore it, there are MS whitepapers on front-end/back-end Exchange configuration and on Exchange hosting that show all the ports that you will need to open. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz ********************************************************************** NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
