Designing and Building Enterprise DMZs

Chapter 2: Windows DMZ Design

Introduction

Microsoft has taken great strides in the past few years to enhance its security posture. Windows 2000 and Windows Server 2003 are as secure as Microsoft can make them, so it s very important that you follow this chapter closely; everything you learn here will be used in your network s demilitarized zone (DMZ).

In Chapter 1 we learned what a DMZ is, its fundamental security concepts, and how to design a basic DMZ with traffic flows. In this chapter we start to populate the DMZ with systems and the specifics of designing those systems to work within the DMZ. From Chapter 1, you ll recall what you learned about the basic DMZ and its overall reason for existence as well as its basic design. Building on the content of Chapter 1, this chapter shows you how to use your Windows systems within the DMZ design. We cover how to design a Windows-based network solution that will work within and around the DMZ segment. It s important to know this information as a security administrator or engineer because the DMZ (as you are now starting to see) can be very complex to work with. It will grow even more complex as we move through this book. (Chapter 13 and Appendix A focus entirely on how to lock down and harden Windows services such as IIS, so if you are only looking to harden systems, you might want to jump directly to those sections of the book.)

In this chapter you learn about Windows...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.