John,
I used to have my management station in the protected network until I
ran into some routing problems with remote firewalls. In order to
solve the problems, I placed the MS in a DMZ. I have 3 DMZs, and I
placed it in the most secure of those DMZs. The problem with placing
it in an 'ordinary' DMZ with web servers, mail servers, etc. is that if
one of those machines becomes compromised, it is possible to launch
an attack from a compromised box to the management console. The DMZ I
placed the MS in only has Cisco routers which encrypt traffic with
other sites. The rules for that DMZ are very strict - only other
routers are allowed to talk to my Ciscos (known by IP), and only a
nominated GUI workstation is allowed to talk to the MS. This reduces
the possibility of someone getting access to the MS and compromising
your network.
Craig.
-----Original Message-----
From: John Gesualdi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 6 September 2000 12:52 a.m.
To: fw
Subject: [FW1] Management server placement
Should the management server be on the internal network behind
the Firewall module or should it be located on the DMZ network?
Thanks.
--
John Gesualdi
The Providence Journal Company
Phone (401)277-8133
Pager (401)785-6938
CCDP,CCNP
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================