On Mon, 18 Dec 2000, BabuVS-SecurityConsultant-Bangalore wrote:
> Hi All,
> Please help me in solving this issue.
> Can we place the Secure ID server
> in DMZ? Firewall used is Checkpoint Firewall-1.
It'd probably be a pretty bad idea.
> Do we need any other components for connectivty?
> Please let me know the configuration details.
At least a screening router to stop external machines for hitting the
authentication server, probably better to house it on it's own network off
an additional interface- you _should_ have the screen for that case as
well. I'd put it on an RFC 1918 network on a seperate NIC with a
crossover cable if it were me.
That's probably true of any authentication server that doesn't need
world-wide access, and it's best to make a design where that's the rule.
DoS attacks against ACE servers were addressed as I recall by RSADSI
saying "Don't expose the auth. server."
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
