“Depending on the configuration of the DMZ.” This is an important point. Once the box in the DMZ is popped what traffic from it is allowed to the internal network needs to be considered.
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, March 14, 2013 11:33 AM To: NT System Admin Issues Subject: Re: Difference between port forwarding and DMZ Big difference. If the Management server resides on the internal LAN, and it gets hacked, it has direct access to the LAN. If it resides on a DMZ, and gets hacked, it only has direct access to other machines on the same DMZ subnet, it is isolated from the Internal LAN. Depending on the configuration of the DMZ. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com<mailto:> [cid:image001.jpg@01CE20A8.D9CAE370] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: David Lum <david....@nwea.org> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Date: 03/14/2013 11:23 AM Subject: Difference between port forwarding and DMZ ________________________________ What’s the risk difference between a server in a DMZ (firewalls on each end) and port forwarding from the Internet to a machine inside a network perimeter? Scenario : I have PC’s that use port xxxx to talk to a management server, I’m wondering of that server needs to be in the DMZ (with that port opened), or if forwarding that port through is functionally the same thing? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>