PIX ASA : Need to setup a server in a DMZ such that

 
 
barret bonden
      03-26-2010

Need to set up a web server in a DMZ such that
1) computers on the INSIDE interface can, on a Microsoft LAN, browse to and
copy files FROM the server in the DMZ to themselves in the inside
2) If the server in the DMZ is hacked it will prevent attack on the inside
computers.


I need to:
1) know this is possible
2) be pointed to instructions on how to set this up
3) understand HOW this is done
4) understand if the Inside and DMZ are on different subnets if the ASA is
doing routing as well as passing Netbios packets. As I understand the world
if you allow netbios from and to subnets you are making security holes that
undermine the value of the DMZ


 
Tilman Schmidt
      03-27-2010
On 26.03.2010 20:11, barret bonden wrote:
> Need to set up a web server in a DMZ such that
> 1) computers on the INSIDE interface can, on a Microsoft LAN, browse to and
> copy files FROM the server in the DMZ to themselves in the inside
> 2) If the server in the DMZ is hacked it will prevent attack on the inside
> computers.
>
>
> I need to:
> 1) know this is possible
> 2) be pointed to instructions on how to set this up
> 3) understand HOW this is done
> 4) understand if the Inside and DMZ are on different subnets if the ASA is
> doing routing as well as passing Netbios packets. As I understand the world
> if you allow netbios from and to subnets you are making security holes that
> undermine the value of the DMZ


You got that right. Opening up Microsoft LAN protocols between the DMZ
and your internal network makes it pretty much impossible to secure the
internal network against attacks from the DMZ server, should it be
subverted.

(Btw, I don't agree with your distinction between "routing" and "passing
Netbios packets". The latter is a particular case of the former.)

What I'd recommend is not to use Netbios for that purpose. If that DMZ
server is a web server already, why not have the inside computers browse
to and copy these files via HTTP, too? For that you only have to open
port 80 from inside to DMZ, which you probably did already anyway.

HTH
Tilman
 
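As an added example (not part of either post, and not Cisco code): a small Python check that reads ASA `access-list` lines and lists the permit entries that open Microsoft LAN ports between the inside and DMZ networks in either direction, which is the exposure the reply warns about. The subnets, ACL names and sample lines are constructed; the parser assumes plain `any` / `host` / network-mask address forms with no object groups or source-port operators, and it does not evaluate rule order.

```python
import ipaddress
import re

MS_LAN_PORTS = {135, 137, 138, 139, 445}  # RPC mapper, NetBIOS name/datagram/session, SMB
PORT_NAMES = {"www": 80, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NETWORK MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def _ports(tok):
    """Destination ports as a range; no 'eq'/'range' operator means every port."""
    num = lambda p: PORT_NAMES.get(p) or int(p)
    if tok[:1] == ["eq"]:
        return range(num(tok[1]), num(tok[1]) + 1)
    if tok[:1] == ["range"]:
        return range(num(tok[1]), num(tok[2]) + 1)
    return range(0, 65536)

def risky_rules(config, inside_net, dmz_net):
    """Return permit lines that open Microsoft LAN ports between inside and DMZ."""
    inside, dmz = ipaddress.ip_network(inside_net), ipaddress.ip_network(dmz_net)
    hits = []
    for line in config.splitlines():
        m = re.match(r"\s*access-list \S+ extended permit (ip|tcp|udp) (.+)", line)
        if not m:
            continue  # deny entries and other commands are not openings
        src, rest = _addr(m.group(2).split())
        dst, rest = _addr(rest)
        crosses = (src.overlaps(inside) and dst.overlaps(dmz)) or \
                  (src.overlaps(dmz) and dst.overlaps(inside))
        ports = range(0, 65536) if m.group(1) == "ip" else _ports(rest)
        if crosses and any(p in ports for p in MS_LAN_PORTS):
            hits.append(line.strip())
    return hits

# Constructed sample ACL (addresses and ACL names are made up for this example).
SAMPLE = """\
access-list inside_in extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.2.10 eq www
access-list inside_in extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.2.10 eq 445
access-list dmz_in extended permit tcp host 192.168.2.10 192.168.1.0 255.255.255.0 range 137 netbios-ssn
access-list dmz_in extended deny ip any 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    print("\n".join(risky_rules(SAMPLE, "192.168.1.0/24", "192.168.2.0/24")))
```

On the sample, the inside-to-DMZ `eq www` entry passes, while the `eq 445` entry and the DMZ-to-inside `range 137 netbios-ssn` entry are reported.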
 
 
 