• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Network planning

G

Goosemaster

Lifer
I usually setup networks with the router as the dhcp server and have the clients and servers as clients. Then I use authentication via AD through the server and such.

Works fine.

Recently I've had numerous clients ask me to make their SMB 2003 into their DHCP servers and to set them up as proxy's for everything so that everything goes through them.

My question is, how hard is it to teach a novice how to create FTP servers and such BEHIND THAT DHCP server and route ports and such through it AND through the firewall without using ISA 2000? In addition, what about if using ISA 2000 as a proxy?

They need to be able to administer it🙁



It's just so much easier to do it through the router/firewall and ONLY thorugh the router/firewall.

picture:

-WAN-Server-network


 
Generally just a bad idea and spits in the face of best practice for security.

How hard is it to teach them? Not hard. But it requires a good amount of knowledge to keep it secure. Where as firewall/router is pretty straight forward - disallow everything and only allow such and such.

As far as best practices I'm sure you know about the "layered" approach to security.
 
Originally posted by: spidey07
Generally just a bad idea and spits in the face of best practice for security.

How hard is it to teach them? Not hard. But it requires a good amount of knowledge to keep it secure. Where as firewall/router is pretty straight forward - disallow everything and only allow such and such.

As far as best practices I'm sure you know about the "layered" approach to security.
Click to expand...

thanks.
 
tell them that is bad, and that it will get (using scare tactic's buzzwords) Haxxored and pwned in under 2 days, and then they will have to tell all their customers why their data was comprimised and stolen, and will probably have an investigation by the feds.
 
"I strongly recommend you not take this approach and here is why. You can debate all you like but it disagrees with cert.org and just about any other security best practices. I encourage you to find information to the contrary. I firmly stand behind my recommendation."

But then again the customer is always right.
 
Originally posted by: spidey07
"I strongly recommend you not take this approach and here is why. You can debate all you like but it disagrees with cert.org and just about any other security best practices. I encourage you to find information to the contrary. I firmly stand behind my recommendation."

But then again the customer is always right.
Click to expand...

sweet. I didn't have any resources with which to back up my claim other than schooling and experience...

*heads off to cert.org*

Spidey07 > *.*


:lips:
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top