I am currently analyzing different strategies for implementing a Lotus Notes system that is to replicate (both inbound & outbound) with a small number of Notes servers (4-10) over the Internet. Our current policy is to have any server that is to receive inbound connections from the internet quarantined in a DMZ network hung off of our Internet firewall. This ASCII art attempts to show how this would look on our network:

{External Notes Server(s)}       {Internal Notes Clients}
            |                                |
            |                                |
            |                                |
            |                                v
        [Internet]--->{Firewall}<---[internal networks]--->{Internal Notes Server(s)}
                          ^
                          |
                    [DMZ network]
                          |
                          v
               {Notes Passthru Server}

Is ANY security gained by having a Notes "Passthru" server installed in the DMZ, instead of having the traffic from the Internet travel directly to the internal Notes Server(s)???

If there is a security improvement by utilizing the "Passthru" server & DMZ network combination, what is to gain by this improvement? The security of the individual internal Notes servers themselves, or is the security of our complete enterprise network benefited?

Thanx in advance for any answers, commentaries, or critiques. -Eric
--
------------------------------------------------------------
Eric R. Holst - Information Systems Security Analyst
Eric . Holst @ mail . co . ventura . ca . us
Voice: 805.662.6622 Fax: 805.654.3394
Information Systems Department, County of Ventura
800 South Victoria Avenue, L#1100
Ventura, CA 93009
------------------------------------------------------------