External & Internal mail server
Vu Pham
vu
Fri May 27 11:51:35 PDT 2005
> -----Original Message-----
> From: linux-users-bounces at linux-sxs.org
> [mailto:linux-users-bounces at linux-sxs.org] On Behalf Of
> Matthew Carpenter
> Sent: Thursday, May 26, 2005 6:53 AM
> To: Linux tips and tricks
> Subject: Re: External & Internal mail server
[...]
> It's risk management. The DMZ server is accessible from the
> Internet, so any valid exploits will be able to compromise
> it. The internal server is the actual storage facility for
> the mail, and accessible from the inside, and possibly from
> the DMZ box. If the two mailsystems have the same
> vulnerabilities, you may have bought some time before they
> gain access to your internal system. If they are different
> (like Sendmail out front, Postfix or Lotus Notes on the
> inside), you may have stopped the attacker in the DMZ.
> Hopefully you are monitoring for strange behavior (including
> but not limited to services failing and needing to be
> restarted). Hopefully you have IDS watching the key points
> in your network. Hopefully you have patch management
> procedures (easy in Linux, just automate it with YOU, YUM, or
> Cron-Apt) and are fully patched at "all" times.
>
> There are other, less extreme cases, but this is one example of why.
> Security is a game of time. You can't keep attackers out all
> the time. Hopefully you are able to slow them down and catch
> them before they get anything of value. This justifies what
> the industry calls "Defense in Depth".
>
Matt, thank you very much for the explanation.
Vu
More information about the Linux-users
mailing list