How do you manage your DMZ server accounts?

  • humbletech99

Post 3+ Months Ago

I'd just like to know what you use for user account management on your DMZ servers?

Do you use the same authentication realm as internally?

Do you use a different authentication realm, perhaps only for the DMZ?

Do you use local accounts?
  • kc0tma

Post 3+ Months Ago

I've never done it with Linux, but I have in Windows. We had Active Directory set up, so we'll call our domain example.com. Then there was a domain controller in the DMZ that was a child domain of example.com; we called it dmz.example.com. We set up a trust so that from example.com we could manage dmz.example.com, but not the other way around. It seemed to work pretty well.
  • humbletech99

Post 3+ Months Ago

Doesn't that mean that you'd have to punch holes through your firewall?
  • kc0tma

Post 3+ Months Ago

You'll always have to have a hole in the firewall, but depending on the firewall appliance you can probably limit it so that only certain IPs on each side can send traffic over specific ports. I know with some cheap firewalls they are either open or closed, but if you have a good one you can seal it up nicely. We were using a WatchGuard Core device and it actually integrated with Active Directory, so setting up the DMZ and telling it which server was which was cake. Then throw in the antispam and antivirus capabilities and we had a pretty decent thing going.
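
Added example, not part of the original thread: a small audit that checks whether every firewall rule crossing the DMZ/internal boundary is pinned to single hosts and a single port, as the last reply describes. The address ranges, rule names, rule format and the one-port-per-rule policy are constructed assumptions, not taken from any firewall product.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/16")
DMZ = ipaddress.ip_network("192.168.50.0/24")
MAX_PORT_SPAN = 1  # hypothetical policy: one port per boundary rule

# Constructed sample ruleset: (name, source, destination, protocol, ports).
RULES = [
    ("dc-kerberos", "192.168.50.10/32", "10.0.1.5/32", "tcp", "88"),
    ("dc-ldap", "192.168.50.10/32", "10.0.1.5/32", "tcp", "389"),
    ("web-to-lan", "192.168.50.0/24", "10.0.0.0/16", "tcp", "445"),
    ("dc-anyport", "192.168.50.10/32", "10.0.1.5/32", "tcp", "any"),
    ("admin-rdp", "10.0.1.20/32", "192.168.50.10/32", "tcp", "3389"),
    ("dmz-out-web", "192.168.50.0/24", "0.0.0.0/0", "tcp", "443"),
]

def port_span(spec):
    """Number of ports covered by '88', '1024-2048' or 'any'."""
    if spec == "any":
        return 65535
    lo, _, hi = spec.partition("-")
    return int(hi or lo) - int(lo) + 1

def crosses_boundary(src, dst):
    """True when a rule permits traffic between the DMZ and the internal network.
    overlaps() also catches 'any' (0.0.0.0/0), which silently includes both sides."""
    return (src.overlaps(DMZ) and dst.overlaps(INTERNAL)) or (
        src.overlaps(INTERNAL) and dst.overlaps(DMZ))

def audit(rules):
    """Return [(rule name, [problems])] for boundary rules that are too broad."""
    findings = []
    for name, src, dst, _proto, ports in rules:
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not crosses_boundary(s, d):
            continue
        problems = []
        if s.num_addresses != 1:
            problems.append("source is not a single host")
        if d.num_addresses != 1:
            problems.append("destination is not a single host")
        if port_span(ports) > MAX_PORT_SPAN:
            problems.append("port range too wide")
        if problems:
            findings.append((name, problems))
    return findings

if __name__ == "__main__":
    for name, problems in audit(RULES):
        print(f"{name}: {'; '.join(problems)}")
```

The `dmz-out-web` rule is flagged because a destination of "any" also matches the internal network, even though the rule was presumably written for outbound web traffic.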


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.