Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 331
  • Last Modified:

DMZ VS. One to One NAT

I have a couple questions about setting up Windows 2k servers.  
1)  What are the security differences between using One-to-One NAT through a Sonicwall Firewall and Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?
2)  I have monitoring software running on the server and when set up utilizing the DMZ and and internal connection (dual NIC)the server fails when trying to monitor internal resources?
3)  When running Poject Web Access will I have problems with Domain Authentication when accessing through DMZ from an external address.
0
chadman66
Asked:
chadman66
  • 2
1 Solution
 
adamdrayerCommented:
>>Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?

This is not advisable.  The DMZ (DeMilitarized Zone) has very little or no security from the internet.  The Firewall does very little to block any hurtful requests.  You should NOT connect this computer physically to the internal network.  All communications in and out of the internal network needs to be forced through the firewall.  Connecting your internal network to the DMZ basically invalidates the security of the firewall.  
0
 
chadman66Author Commented:
If a computer is setup with a dual NIC, one on the internal Network and one one the DMZ and the computer is infected by a virus\trojan\worm would the internal network be at risk of this infection?
0
 
adamdrayerCommented:
yep.  actually, connecting the DMZ to the internal network sorta makes every single computer on the network "in the DMZ" by definition.  internal networks should have well defined boundries on all sides by firewalls.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now