BDC, DMZ Connectivity


  • BDC, DMZ Connectivity

    If you look at this diagram:

    http://awphuch2000.dyndns.org/smooth...wap-orange.jpg

    Orange=DMZ
    Green=Private

    This is similar to my setup except that I have just 1 Web server in the DMZ and 1 File Server/PDC (Windows Server 2003 std.) in the private network.

    My question is, is it possible to even make the Web Server in the DMZ a Backup Domain Controller for our File Server? It's on a different network/NIC connected to that firewall. Would this make any sense if you could? Or would you have to go buy another server and put it on the private network to be a BDC?

    Is this really bad for security because it exposes your Active Directory to the DMZ? Does it matter?

    Thanks,
    Tyler

  • #2
    Re: BDC, DMZ Connectivity

    Technically, all that you want is possible. But:

    > Is this really bad for security because it exposes your Active Directory to the DMZ? Does it matter?

    Think about it. If somebody hacks that machine in the DMZ, he rules your network.

    In short: NEVER have a DC of your internal network in the DMZ. Never.
