Firewall Wizards
mailing list archives
Re: safety of unidirectional NT trusts
From: Jonas Anden <dajudge () home se>
Date: 15 Jan 2002 16:17:35 +0100
> I have been tasked with permitting M$ networking access between an NT
> server on the DMZ and other Windows machines behind the firewall. My plan
> is to not let the DMZ machine initiate any connections to the internal
> machines, but they can initiate connections to the DMZ machine. The DMZ
> machine should be set up to trust the internal machine, but the internal
> machine should not trust the DMZ machine; I know I can't control this on
> the firewall. I don't know much about M$ networking, I don't get to make
> decisions, I just implement firewall rules whether I like them or not.

Is that setup at all possible? To have the DMZ server trust the internal
DC, it needs to connect to the DC. I suggest you do not have any
trust relationships set up between the DMZ and the internal network.
I'm not a M$ hacker either, but that's just my $0.02.
// J
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards