Solved

DMZ VS. One to One NAT

Posted on 2004-10-16
Last Modified: 2010-05-18
I have a couple questions about setting up Windows 2k servers.
1)  What are the security differences between using One-to-One NAT through a Sonicwall Firewall and using dual NIC servers utilizing the DMZ port (as well as an internal connection)?
2)  I have monitoring software running on the server and when set up utilizing the DMZ and an internal connection (dual NIC) the server fails when trying to monitor internal resources?
3)  When running Project Web Access will I have problems with Domain Authentication when accessing through DMZ from an external address?
Question by:chadman66
Accepted Solution

by:
adamdrayer earned 750 total points
ID: 12328910
>>Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?

This is not advisable.  The DMZ (DeMilitarized Zone) has very little or no security from the internet.  The Firewall does very little to block any hurtful requests.  You should NOT connect this computer physically to the internal network.  All communications in and out of the internal network need to be forced through the firewall.  Connecting your internal network to the DMZ basically invalidates the security of the firewall.

Author Comment

by:chadman66
ID: 12329169
If a computer is set up with a dual NIC, one on the internal network and one on the DMZ, and the computer is infected by a virus\trojan\worm, would the internal network be at risk of this infection?

Expert Comment

by:adamdrayer
ID: 12329319
Yep.  Actually, connecting the DMZ to the internal network sorta makes every single computer on the network "in the DMZ" by definition.  Internal networks should have well-defined boundaries on all sides by firewalls.
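
The dual-NIC condition discussed in this thread can be audited from an address inventory. The following is an added example, not part of the original thread: a Python check that flags any host with interfaces in more than one zone. The zone subnets, host names and addresses are constructed for illustration.

```python
import ipaddress

# Assumed zone layout (constructed; substitute the subnets behind your firewall ports).
ZONES = {
    "internal": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}

# Constructed inventory: hostname -> addresses bound to its NICs.
INVENTORY = {
    "web01": ["192.168.100.10", "192.168.1.20"],  # dual NIC: DMZ + internal
    "mail01": ["192.168.100.11"],                 # DMZ only
    "file01": ["192.168.1.30"],                   # internal only
    "mon01": ["192.168.1.40", "192.168.1.41"],    # two NICs, same zone
}


def zones_for(addresses, zones=ZONES):
    """Return the set of zone names a host's addresses fall into.

    An address outside every known subnet is reported as "unzoned" so it
    is reviewed rather than silently ignored.
    """
    found = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        matches = [name for name, net in zones.items() if ip in net]
        found.update(matches or ["unzoned"])
    return found


def find_bridging_hosts(inventory, zones=ZONES):
    """Map each host that spans more than one zone to its sorted zone list.

    Such a host is a path between zones that does not pass through the
    firewall, which is the situation the answers above advise against.
    """
    bridging = {}
    for host, addrs in inventory.items():
        host_zones = zones_for(addrs, zones)
        if len(host_zones) > 1:
            bridging[host] = sorted(host_zones)
    return bridging


if __name__ == "__main__":
    for host, host_zones in sorted(find_bridging_hosts(INVENTORY).items()):
        print(f"{host}: interfaces in {', '.join(host_zones)} (firewall can be bypassed)")
```
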