Best Practices - DMZ Security.
From: tony toni (tony572001@hotmail.com)Date: 10/30/02
- Previous message: Mike Powell: "RE: TCP DNS requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "tony toni" <tony572001@hotmail.com> Date: Wed, 30 Oct 2002 12:09:53 -0800
Hi,
What are the best security practices for a DMZ? Or put a different
way...what are things you should never allow to be done on a DMZ? To give
you an example of what I am talking about we have had our DMZ set up for
about 5 years. However we keep getting stranger requests for activities
that want to be done on the DMZ. Examples include: setting up a chat server
on the DMZ, opening up our firewall so various groups can use "Polycom web
cams" for video conferencing, vendors that want to ssh directly into are
internal servers, backing up DMZ servers to internal servers, etc.
I am working with our firewall administrators and trying to establish
guideline/standards. What would you recommend in the areas of:
.general DMZ security design considerations?
.services to allow?
.ports that should be open/closed?
.vendor/employee use of DMZ?
Is there a white paper somewhere that addresses these and other DMZ security
issues? I feel like our DMZ is designed appropriately...however it's
security is being eroded with all of the changes people want done to the DMZ
firewalls (use 4 of them...2 face internet and 2 face internal network)
Tony
IT Security Task Force Manager
_________________________________________________________________
Choose an Internet access plan right for you -- try MSN!
http://resourcecenter.msn.com/access/plans/default.asp
- Previous message: Mike Powell: "RE: TCP DNS requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
