RE: Meraki

2013-03-14 Thread Jon Harris
After a little talking to a sales drone (quite nice they let me initiate the conversation) I found out that if the Cloud Management License lapses by 90+ days then the AP will stop passing traffic. I don't know yet if that would be good thing or bad. I guess I will have to actually do some te

RE: Keeping 550+ systems maintained

2013-03-14 Thread Ken Schaefer
So, if I could summarise your requirements, and current state:
Machines:
  In Office: 450
  Remote, once-per-day connectivity: ~30
  Remote, once-per-month connectivity: ~30
  Remote, no connectivity: ~30
Requirement / Metric / Compliance:
  Update AV / Within 24 hours of release / 100% of machines.
Weekly

Re: Difference between port forwarding and DMZ

2013-03-14 Thread Kurt Buff
That's certainly a major improvement. And, if all that's happening is that managed machines are initiating the conversations to the machine in the DMZ, that should be sufficient, as long as the machine in the DMZ can't initiate conversations with the production subnets, I'd probably be fairly comf

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Ken Schaefer
In general (not specifically to address this RDS issue): You could create a second Forest in the DMZ, which trusts the internal Forest, but not the other way around. Whilst the host In the DMZ would have FW ports open to internal hosts, it has no access, per se, to any internal hosts, and simply

Re: OT: Happy PI Day!

2013-03-14 Thread Kurt Buff
I'd rather be transcendental... Kurt On Thu, Mar 14, 2013 at 12:05 PM, James Edwards wrote: > Remember to celebrate Pi Day by being irrational. > Jim > On 3/14/13 10:54 AM, Kurt Buff wrote: >> I'm waiting for Tau day: >> http://tauday.com/tau-manifesto >> Pi are squared? >> No

Re: Keeping 550+ systems maintained

2013-03-14 Thread kz20fl
Have you considered packaging those Firefox/Adobe etc apps up with App-V or something? It certainly mitigates some of the risk given that the packaged app can't interact heavily with the underlying OS due to the SystemGuard feature. When a client system checks in, it could then pick up the updat

RE: Keeping 550+ systems maintained

2013-03-14 Thread David Lum
Excellent questions Ken, thanks. Up to date at this point means 1. Current (within 1 day) of anti-virus signatures 2. Have the latest Acrobat/Java/Firefox/Chrome updates within two weeks 3. Successful backups (we use Tivoli to back up endpoints) 4. Weekly report to conf

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Michael B. Smith
+1 -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Thursday, March 14, 2013 2:44 PM To: NT System Admin Issues Subject: RE: Difference between port forwarding and DMZ Put an SSL reverse proxy in the DMZ and tunnel that to the RDS Gateway -Original M

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Webster
Citrix handles this via TCP port 443. It also depends on if you are using CSG, CAG or NetScaler in the DMZ. No matter what, CSG/CAG/NS pass 443 thru to the Web Interface which is usually in the internal LAN and WI contacts the XML Broker service on your Collector or Controller (XenDesktop or X

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Ziots, Edward
Kurt hit the bingo... what I was covering from an "evil perspective" earlier... Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

Re: OT: Happy PI Day!

2013-03-14 Thread James Edwards
Remember to celebrate Pi Day by being irrational. Jim On 3/14/13 10:54 AM, Kurt Buff wrote: I'm waiting for Tau day: http://tauday.com/tau-manifesto Pi are squared? No, cornbread are square, pie are round... Kurt

Re: Difference between port forwarding and DMZ

2013-03-14 Thread Kurt Buff
Section 2.2 says "This is a more secure approach because an attacker has to break both firewalls in order to get to the internal network." This is incorrect. All he has to do is subvert the machine in the DMZ, and he has access to all of the resources in the production network to which the machine

RE: Difference between port forwarding and DMZ

2013-03-14 Thread David Lum
Correct. How does Citrix handle this? Member server in the DMZ yes? -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 14, 2013 11:43 AM To: NT System Admin Issues Subject: RE: Difference between port forwarding and DMZ And you make swiss cheese of yo

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Kennedy, Jim
Put an SSL reverse proxy in the DMZ and tunnel that to the RDS Gateway -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, March 14, 2013 2:37 PM To: NT System Admin Issues Subject: RE: Difference between port forwarding and DMZ " I'll make another sweeping sta

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Kennedy, Jim
And no longer have a DMZ by my definition. You just have another subnet for your domain. -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 14, 2013 2:45 PM To: NT System Admin Issues Subject: RE: Difference between port forwarding and DMZ And you ma

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Webster
And you make swiss cheese of your firewall. Thanks Webster > -Original Message- > From: David Lum [mailto:david@nwea.org] > Sent: Thursday, March 14, 2013 1:35 PM > To: NT System Admin Issues > Subject: RE: Difference between port forwarding and DMZ > > " I'll make another sweeping

RE: Difference between port forwarding and DMZ

2013-03-14 Thread David Lum
" I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection." How does this work, then? RDS Gateway se

Re: OT: Happy PI Day!

2013-03-14 Thread Kurt Buff
I'm waiting for Tau day: http://tauday.com/tau-manifesto Pi are squared? No, cornbread are square, pie are round... Kurt On Thu, Mar 14, 2013 at 10:03 AM, Heaton, Joseph@Wildlife wrote: > In case someone out there didn’t know… > Joe Heaton > Enterprise Server Support > CA Department

Re: Difference between port forwarding and DMZ

2013-03-14 Thread Kurt Buff
On Thu, Mar 14, 2013 at 8:22 AM, David Lum wrote: > What’s the risk difference between a server in a DMZ (firewalls on each end) > and port forwarding from the Internet to a machine inside a network > perimeter? Scenario: I have PCs that use port to talk to a management > server, I’m wonder

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Kennedy, Jim
“Depending on the configuration of the DMZ.” This is an important point. Once the box in the DMZ is popped what traffic from it is allowed to the internal network needs to be considered. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, March 14, 2013 11:33 AM To: NT

RE: Difference between port forwarding and DMZ

2013-03-14 Thread Ziots, Edward
I will make some assumptions. 1) You have allowed the port forwarding through the firewall (therefore no inspection into the traffic to truly determine if it is what it purports to be) 2) If I can compromise the box in the DMZ, then I can use this to push into the Internal network

Re: Difference between port forwarding and DMZ

2013-03-14 Thread Christopher Bodnar
Big difference. If the Management server resides on the internal LAN, and it gets hacked, it has direct access to the LAN. If it resides on a DMZ, and gets hacked, it only has direct access to other machines on the same DMZ subnet, it is isolated from the Internal LAN. Depending on the configur