Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

email server in dmz

Hello,

What are some benefits of establishing an email server in the dmz rather than the inside I/F of the PIX FW?

Thanks for your input!!

1 REPLY
Cisco Employee

Re: email server in dmz

The benefit of having any server in a DMZ is that if that server becomes compromised, the attacker still doesn't have any access to internal hosts. If the server is sitting on the inside and someone can get root access to it, then they have an open connection into your network.

With a DMZ you should only allow the specific ports from the outside world, and don't allow any connections to be established FROM the DMZ to the inside network, but allow inside users to connect otthe DMZ freely (the default behaviour with the PIX).

92
Views
0
Helpful
1
Replies