Solved

DMZ VS. One to One NAT

Posted on 2004-10-16
3
306 Views
Last Modified: 2010-05-18
I have a couple questions about setting up Windows 2k servers.  
1)  What are the security differences between using One-to-One NAT through a Sonicwall Firewall and Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?
2)  I have monitoring software running on the server and when set up utilizing the DMZ and and internal connection (dual NIC)the server fails when trying to monitor internal resources?
3)  When running Poject Web Access will I have problems with Domain Authentication when accessing through DMZ from an external address.
0
Comment
Question by:chadman66
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 250 total points
ID: 12328910
>>Using dual NIC servers utilizing the DMZ port (as well as an internal connection)?

This is not advisable.  The DMZ (DeMilitarized Zone) has very little or no security from the internet.  The Firewall does very little to block any hurtful requests.  You should NOT connect this computer physically to the internal network.  All communications in and out of the internal network needs to be forced through the firewall.  Connecting your internal network to the DMZ basically invalidates the security of the firewall.  
0
 

Author Comment

by:chadman66
ID: 12329169
If a computer is setup with a dual NIC, one on the internal Network and one one the DMZ and the computer is infected by a virus\trojan\worm would the internal network be at risk of this infection?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12329319
yep.  actually, connecting the DMZ to the internal network sorta makes every single computer on the network "in the DMZ" by definition.  internal networks should have well defined boundries on all sides by firewalls.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question