Basic Network Configuration

• Previous message: Nick Duda: "RE: Icmps"
• Next in thread: Ivan Coric: "Re: Basic Network Configuration"
• Maybe reply: Ivan Coric: "Re: Basic Network Configuration"
• Reply: Neal K. Groothuis: "Re: Basic Network Configuration"
• Reply: Stuart: "RE: Basic Network Configuration"
• Reply: cc: "Re: Basic Network Configuration"
• Maybe reply: Chris Berry: "Re: Basic Network Configuration"
• Reply: Anders Reed-Mohn: "Re: Basic Network Configuration"
• Reply: DRAx: "Re: Basic Network Configuration"
• Reply: Ansgar -59cobalt- Wiechers: "Re: Basic Network Configuration"
• Reply: Valter Santos: "Re: Basic Network Configuration"
• Maybe reply: . .: "Re: Basic Network Configuration"
• Reply: David Gillett: "RE: Basic Network Configuration"
• Reply: DRAx: "Re: Basic Network Configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 14 Oct 2003 12:40:12 -0400
To: <security-basics@securityfocus.com>

All,

Okay I know this is truly a basic question, but this is after all the "security-BASICS" list!

Most LAN configs I've seen include two, separate pieces of hardware to define the DMZ. A firewall on the outside and another firewall or policy switch on the inside is usually how I've seen that handled.

My new company uses 3 separate NICs in the same firewall. One for inbound, one for the LAN and one for the DMZ. Each has it's own address block.

It seems like using the firewall to do this makes sense, but I'd appreciate some external confirmation on that.

The second issue is this: is there a rule of thumb to determine what should and should not go in the DMZ vs. the LAN? It seems to me that anything that requires access from outside the network (Ex. DNS servers, Mail servers, demo servers, etc.) should go in the DMZ. True?

Thanks in advance.
KC Smith

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Nick Duda: "RE: Icmps"
• Next in thread: Ivan Coric: "Re: Basic Network Configuration"
• Maybe reply: Ivan Coric: "Re: Basic Network Configuration"
• Reply: Neal K. Groothuis: "Re: Basic Network Configuration"
• Reply: Stuart: "RE: Basic Network Configuration"
• Reply: cc: "Re: Basic Network Configuration"
• Maybe reply: Chris Berry: "Re: Basic Network Configuration"
• Reply: Anders Reed-Mohn: "Re: Basic Network Configuration"
• Reply: DRAx: "Re: Basic Network Configuration"
• Reply: Ansgar -59cobalt- Wiechers: "Re: Basic Network Configuration"
• Reply: Valter Santos: "Re: Basic Network Configuration"
• Maybe reply: . .: "Re: Basic Network Configuration"
• Reply: David Gillett: "RE: Basic Network Configuration"
• Reply: DRAx: "Re: Basic Network Configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]