Hi,

I'm still waiting for your comments, really ...

--- Skar <[EMAIL PROTECTED]> wrote:
> Hi,
> I am evaluating whether to implement a new W2K domain for DMZ
> machines, and need some advice.
> There are some reasons/issues including advantages
> and disadvantages:
> * There are more than a hundred machines located
>   within the DMZs.
> * There is a need for a proper update mechanism for
>   service packs and fixes.
> * Users are locally managed/administered within these
>   machines, therefore one needs to properly secure these
>   user-names and passwords for hundreds of machines
>   (and enforce some security settings).
> * For DMZ, u need to manually manage users.
> * One can not know if the application programmer
>   or developer is using his user-id to logon or running
>   the applications.
> * There are no profiles within the systems.
> * Different developers or application managers can not
>   be grouped.
> * Sec. Administrators or security operators can make
>   mistakes when individually managing the PCs.
> * Centrally logging/reporting/alarming.
> * Some deliberate or urgent actions can't be taken
>   within the individual macs.
> -- There's a security risk associated with W2K domain
>    installation. Hence, there's no trust of this
>    DMZ domain with any other domain.
> -- If the W2K domain is compromised there's a big big
>    risk..
> -- Related ports need to be opened within the DMZs.
> -- To decrease the security, u can put the ADS DCs
>    within the DMZs. However, by placing DCs to DMZ,
>    servers located with the DMZ of other firewalls may
>    have access problems.
> -- Extra HW/SW investment including redundant/backup
>    DCs.
> -- Some applications security need to be harvested.
> -- Virus/vandal risk as for the open ports.
> -- General security belief, "never open the ports for
>    smb"
>
> =====
> ------------
> Sick Boy
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================

=====
------------
Sick Boy
