Re: Firewall and DMZ topology

From: Chris Berry (compjma_at_hotmail.com)
Date: 06/10/03

    To: security-basics@securityfocus.com
    Date: Mon, 09 Jun 2003 17:53:07 -0700
    
    

    >From: Christopher Ingram <cmi@crystalsands.net>
    >So, the below setup is not decent for a corporate LAN. Ideally, the DMZ
    >should sit on a separate connection to the Internet from the rest of the
    >network, using a different ISP and therefore, different IP block. This
    >provides the most isolation.

    I'm afraid I don't see how that:

    internet --> Firewall --> LAN

    internet --> Firewall --> DMZ

    would be any more secure than this:

    internet --> Outer Firewall --> DMZ --> Inner Firewall --> LAN

    or this:

    internet --> Firewall --> LAN
                          --> DMZ

    which are the setups that I've seen. Can you give some
    justification/explanation on why you think that would be better?

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "All I want is a few minutes alone with the source code for the universe and
    a quick recompile."
