> 1) People generally have their SMTP server sitting somewhere within
> the "[Internal Net]". The firewall would say something like "We only allow
> connections to port 25 of the SMTP gateway". If the SMTP gateway is sitting
> inside, the perimeter is broken.
>
The proper way to set this up is to have the firewall itself accept mail with
smapd and sendmail v8.6 and then re-route that mail to the internal servers.
The internal servers are never vulnerable to an attack because the outside
world cannot talk directly to them.
>
> 2) If the internet SMTP gateway sits on the DMZ, and the customer
> has several internal SMTP gateways that distribute all the mail, then again,
> the SMTP gateway on the DMZ would have access to send data to the inside SMTP
> hosts, thus providing information flow. If the internal SMTP gateways are
> vulnerable to attack (IE: versions of sendmail that have problems, IE: ALL) then
> again, the perimeter is broken.
>
The best way to secure things is to assume nothing is secure on your internal
network. Reduce your points of failure on the DMZ, and trust nothing. If you
make sure that your DMZ versions of sendmail are secure and they talk to your
internal servers, no direct communication ever takes place from the external
network to the internal network.
-joav
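
The distinction argued in this thread, direct exposure of an internal SMTP host versus mail flow relayed through a DMZ host, can be checked mechanically against a filter policy. This is an added example, not part of the original messages; the zone layout, addresses (documentation ranges) and rule format are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed zone layout; anything outside these networks is "external".
ZONES = {"internal": ip_network("192.0.2.0/25"),
         "dmz": ip_network("192.0.2.128/25")}

def zone_of(addr):
    """Map a rule endpoint to a zone; the wildcard 'any' is modelled as external."""
    if addr == "any":
        return "external"
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "external")

def audit(rules):
    """rules: iterable of (src, dst, port) permit entries (hypothetical format)."""
    smtp = [(zone_of(s), d) for s, d, port in rules if port == 25]
    # Hosts the outside world can open an SMTP connection to.
    exposed = sorted({d for sz, d in smtp if sz == "external"})
    direct = [d for d in exposed if zone_of(d) == "internal"]
    # Follow zone-to-zone SMTP edges to see where mail from outside can end up.
    edges = {(sz, zone_of(d)) for sz, d in smtp}
    reached, frontier = set(), ["external"]
    while frontier:
        zone = frontier.pop()
        for src, dst in edges:
            if src == zone and dst not in reached:
                reached.add(dst)
                frontier.append(dst)
    return {
        "direct_exposure": direct,       # case 1: perimeter broken outright
        "hosts_to_harden": exposed,      # the only daemons attackers can talk to
        "relayed_flow": not direct and "internal" in reached,  # case 2
    }

# Constructed policies matching the two cases discussed in the thread.
GATEWAY_INSIDE = [("any", "192.0.2.10", 25)]
DMZ_RELAY = [("any", "192.0.2.130", 25),
             ("192.0.2.130", "192.0.2.10", 25)]

if __name__ == "__main__":
    for name, policy in (("gateway inside", GATEWAY_INSIDE),
                         ("DMZ relay", DMZ_RELAY)):
        print(name, audit(policy))
```

A policy with `relayed_flow` set still carries data inward, so the hosts listed in `hosts_to_harden` are where the mail daemon's own security matters.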