RE: Secure ID Server in DMZ

Sun, 17 Dec 2000 22:19:11 -0800 

I concur with Tim, having a SecurID server on the DMZ is not a good idea.
If you need to protect an external server, you may not be able to proxy
SecurID packets, you may need to tunnel them.  Radius you may be able to
proxy.

The SecurID servers and various other critical infrastructure machines
should be in a protected environment since they will be subject to attack,
both denial of service and subverting the security types.

-----Original Message-----
From: Tim M. Crawford [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 17, 2000 11:08 PM
To: BabuVS-SecurityConsultant-Bangalore; [EMAIL PROTECTED]
Subject: RE: Secure ID Server in DMZ


You can...the question is: Would you want to? I wouldn't recommend that you
put authentication servers in your DMZ, but rather, put them behind your
firewall.

But if you have to put them in the DMZ (Obviously, I don't know all of your
requirements), it can be done with FW-1.

Tim

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
BabuVS-SecurityConsultant-Bangalore
Sent: Sunday, December 17, 2000 8:01 PM
To: [EMAIL PROTECTED]
Subject: Secure ID Server in DMZ


Hi All,
        Please help me in solving this issue.
Can we place the Secure ID server
in DMZ? Firewall used is Checkpoint Firewall-1.
Do we need any other components for connectivty?
Please let me know the configuration details.

Thanks & Regds.,
Babu
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to