Solved

DMZ VS. One to One NAT

Posted on 2004-10-16
3
290 Views
Last Modified: 2010-05-18
I have a couple questions about setting up Windows 2k servers.  
1)  What are the security differences between using One-to-One NAT through a Sonicwall Firewall and Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?
2)  I have monitoring software running on the server and when set up utilizing the DMZ and and internal connection (dual NIC)the server fails when trying to monitor internal resources?
3)  When running Poject Web Access will I have problems with Domain Authentication when accessing through DMZ from an external address.
0
Comment
Question by:chadman66
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 250 total points
ID: 12328910
>>Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?

This is not advisable.  The DMZ (DeMilitarized Zone) has very little or no security from the internet.  The Firewall does very little to block any hurtful requests.  You should NOT connect this computer physically to the internal network.  All communications in and out of the internal network needs to be forced through the firewall.  Connecting your internal network to the DMZ basically invalidates the security of the firewall.  
0
 

Author Comment

by:chadman66
ID: 12329169
If a computer is setup with a dual NIC, one on the internal Network and one one the DMZ and the computer is infected by a virus\trojan\worm would the internal network be at risk of this infection?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12329319
yep.  actually, connecting the DMZ to the internal network sorta makes every single computer on the network "in the DMZ" by definition.  internal networks should have well defined boundries on all sides by firewalls.
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now