Mailinglist Archive: opensuse-security (465 mails)
| < Previous | Next > |
Re: [suse-security] Offtopic (maybe): Proposal for school network
- From: Bjoern Engels <bengels@xxxxxxxxxxx>
- Date: Tue, 4 Dec 2001 16:42:58 +0100
- Message-id: <0afc309471504c1WEB@xxxxxxxxxxxxxxx>
On Tuesday, 4. December 2001 16:24, Christoph Pernsteiner wrote:
> http://www.festlinfo.at/schoolnetwork.jpg. Would somebody be so kind
> and make comments on it or critisize it because I want to improve it.
I would never place a domain controller into the DMZ - the DMZ is used
to allow the Internet acess to it, you do not wan't to allow Internet clients
to log on to your Domain controller, do you ?
The best solution for the external firewall would be _only_ a packetfilter,
no services running (in my opinion). You can place the Proxy in the LAN or
the DMZ.
> Christoph Pernsteiner
Björn
> http://www.festlinfo.at/schoolnetwork.jpg. Would somebody be so kind
> and make comments on it or critisize it because I want to improve it.
I would never place a domain controller into the DMZ - the DMZ is used
to allow the Internet acess to it, you do not wan't to allow Internet clients
to log on to your Domain controller, do you ?
The best solution for the external firewall would be _only_ a packetfilter,
no services running (in my opinion). You can place the Proxy in the LAN or
the DMZ.
> Christoph Pernsteiner
Björn
| < Previous | Next > |