RE: DMZ design

From: Flávio Pereira (fpereirabr_at_yahoo.com.br)
Date: 08/31/03

    To: "'me null'" <me_null@hotmail.com>, <security-basics@securityfocus.com>
    Date: Sun, 31 Aug 2003 14:46:34 -0300
    
    

            In my company I use this scheme:

             _________            ______
            |         |  _ _ _   |      |
            | FireWall|  _ _ _   |Router| >> Internet
            |_________|          |______|
               |   |
               |   |
               |   |
      Office LAN   |
                   |
                  DMZ (Development)

            And in this structure I just set up the FW to provide the best
    security possible, restrict access to internet from DMZ (in and out),
    DMZ cannot access the Office LAN (nothing) and from Office LAN just the
    necessary access to the internet (e-mail, http and any other port access
    really necessary).

            I hope this helps you!!!

    Flávio Pereira
    fpereirabr@yahoo.com.br
    flavio_it@hotmail.com (MSN)
    ICQ: 62382441
     

    -----Original Message-----
    From: me null [mailto:me_null@hotmail.com]
    Sent: Wednesday, August 27, 2003 02:29
    To: security-basics@securityfocus.com
    Subject: DMZ design

    Hello, I was hoping someone could answer a couple questions I had about
    DMZ design. Speaking from a security standpoint, is it best to have ur
    DMZ and Internal Network separated by a router (option 1) or is it
    better to have ur Internal Net. connect to the internet through the DMZ
    (option 2)? All help is appreciated thx

    option 1          internet
                         |
           DMZ --- router ---- Network

    option 2   internet -- DMZ --- Network

    ----------------------------------------------------------------------------
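The scheme in the reply above can be written down as a policy and checked against a firewall ruleset. The following is an added example, not part of the original thread: the rule format, the first-match/default-deny evaluation, the use of ports 25 and 80 for "e-mail, http", and both sample rulesets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str              # zone names from the post: "LAN", "DMZ", "INTERNET"
    dst: str
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"

def decide(rules, src, dst, port):
    """First matching rule wins; traffic no rule matches is denied."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and r.port in (None, port):
            return r.action
    return "deny"

def audit(rules, lan_out_ports):
    """Probe the effective policy and list departures from the post's scheme."""
    named = {r.port for r in rules if r.port is not None} | set(lan_out_ports)
    other = next(p for p in range(1, 65536) if p not in named)  # stands for "any other port"
    findings = []
    for port in sorted(named | {other}):
        label = "any other port" if port == other else f"port {port}"
        if decide(rules, "DMZ", "LAN", port) == "allow":
            findings.append(f"DMZ -> LAN allowed on {label}")
        if port not in lan_out_ports and decide(rules, "LAN", "INTERNET", port) == "allow":
            findings.append(f"LAN -> INTERNET allowed on {label}")
    for src, dst in (("DMZ", "INTERNET"), ("INTERNET", "DMZ")):
        if decide(rules, src, dst, other) == "allow":
            findings.append(f"{src} -> {dst} is not restricted to named ports")
    return findings

# Constructed sample data: 25 and 80 stand in for the post's "e-mail, http".
LAN_OUT = {25, 80}
GOOD = [Rule("LAN", "INTERNET", 25, "allow"), Rule("LAN", "INTERNET", 80, "allow"),
        Rule("DMZ", "INTERNET", 80, "allow")]
BAD = GOOD + [Rule("DMZ", "LAN", 3306, "allow"),       # development box reaching the office
              Rule("LAN", "INTERNET", None, "allow"),  # any-port outbound
              Rule("DMZ", "INTERNET", None, "allow")]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules, LAN_OUT) or "matches the scheme")
```

Because the audit probes what `decide` actually returns rather than scanning rule text, an allow rule that an earlier deny already shadows is not reported.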
    
