[ale] slightly OT: network structure

Charles Marcus CharlesM at Media-Brokers.com
Wed Feb 13 17:45:57 EST 2002


The only potential issue I can think of is, since it's a Windows box, and
much more prone to DoS attacks and such, if it did get compromised, it could
kill your bandwidth...

What services will it be running?

Charles

> -----Original Message-----
> From: jenn at colormaria.com [mailto:jenn at colormaria.com]
> Sent: Wednesday, February 13, 2002 5:05 PM
> To: ale at ale.org
> Subject: [ale] slightly OT: network structure
>
>
> I've been asked to put a Win2000 box that I will not manage in my cabinet at
> our co-lo facility.  I'm considering putting this box in my DMZ with my
> email and DNS servers and I'm wondering if anyone who has managed a
> mixed-environment network could help me ensure that, should this machine run
> amok, it won't hurt my other boxen?
>
> I have a linux box acting as a gateway between the co-lo network and my DMZ.
> The DMZ servers all run iptables firewalls, have unnecessary services turned
> off, and are as securely set up as I can make them.  In the DMZ is a
> firewall/NAT machine that protects some other servers.  Is this enough to
> protect my DMZ machines should the windows box get compromised in some way?
> Should I put it on my private network and run NAT for its services?  I've
> considered also replacing the initial linux gateway with a cisco or other
> brand managed switch, and attempting some sort of vlan, but I'm not
> convinced this would make things better...and be a learning curve to boot.
>
> What do you folks do in a situation like this?  The admin for this machine
> has already agreed to follow the NSA guidelines for locking down a windows
> machine, and anything else I can find for him.  All help is, as always,
> appreciated.
>
> TIA
> jenn
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>




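A sketch of how the Linux gateway described in the quoted message could fence off the unmanaged host, added here as an example and not part of either poster's message. It assumes the host sits on its own gateway interface; the interface names, the 192.0.2.10 address and the port list are constructed placeholders, since the thread does not say which services the box will run.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the gateway,
# so they can be reviewed before use. All names and values are assumptions.

winbox_rules() {
    win_if=$1 dmz_if=$2 wan_if=$3 win_ip=$4 ports=$5

    # Accept only plain interface names, a dotted quad and a comma-separated
    # port list, so the printed commands cannot carry stray shell text.
    for i in "$win_if" "$dmz_if" "$wan_if"; do
        case $i in
            *[!A-Za-z0-9._-]*|'') echo "bad interface: $i" >&2; return 1 ;;
        esac
    done
    case $win_ip in
        *[!0-9.]*|'') echo "bad address: $win_ip" >&2; return 1 ;;
    esac
    case $ports in
        *[!0-9,]*|'') echo "bad port list: $ports" >&2; return 1 ;;
    esac

    cat <<EOF
iptables -N WINBOX
iptables -A WINBOX -i $win_if -o $dmz_if -j LOG --log-prefix "winbox-to-dmz: "
iptables -A WINBOX -i $win_if -o $dmz_if -j DROP
iptables -A WINBOX -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A WINBOX -i $wan_if -o $win_if -d $win_ip -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
iptables -A WINBOX -i $win_if -o $wan_if -s $win_ip -m conntrack --ctstate NEW -m limit --limit 20/second --limit-burst 40 -j ACCEPT
iptables -A WINBOX -j DROP
iptables -I FORWARD 1 -i $win_if -j WINBOX
iptables -I FORWARD 1 -o $win_if -j WINBOX
EOF
}

# Rule order in the WINBOX chain:
#   1. anything from the unmanaged host towards the DMZ is logged and dropped
#   2. replies on connections already permitted are accepted
#   3. inbound: only new connections to the listed service ports
#   4. outbound: only its own source address (spoofed sources fall through),
#      and new connections are rate-limited
#   5. everything else to or from that interface is dropped

# Constructed sample: eth2 = Windows host, eth1 = DMZ, eth0 = co-lo uplink.
winbox_rules eth2 eth1 eth0 192.0.2.10 80,443
```

The limit rule caps only the rate of new outbound connections; capping throughput itself needs traffic shaping (tc), which is not shown.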