Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DMZ design - Exchange, SQL, & DCOM

From: "Michael Borkin" <borkin () netquest com>
Date: Sun, 6 Feb 2000 10:47:03 -0500
    <snip>

        Just because your SQL server is in the DMZ does not mean
        that it is accessible from the outside. Your outside firewall
        interface should only allow HTTP traffic to the web server
        and SMTP traffic to the mail server. Thats it. Nothing more.
        Your SQL server doesn't even need an internet routable IP
        address. It doesn't even need IP. You could set it up to use
        IPX or Netbeui to talk to the web server. (Do this only if your
        firewall will let you talk to the SQL server from the inside using
        IPX or Netbeui)

    </snip>

I am assuming you mean that the firewall allows IPX or Netbeui inside the
DMZ.  I never have considered that.  Would that be allowed through the
rules?  Would it open the servers up to in another way, such as tunneling
those protocols in, if I was to allow IPX or Netbeui?


    <snip>

        One more thing. The book "Building Internet Firewalls" is NOT
        written by Cheswick and Bellovin as a stated previously. "Building
        Internet Firewalls" is written by Brent Chapman and Elizabeth
        Zwicky and is published by O'Reilly.


    </snip>

Thanks for the reference as well... I haven't had time to check it out as of
yet but it does sound like exactly the kind of book I need to read.

Mike
Previous By Date Next
Previous By Thread Next

Current thread: