RE: Placing Test Server in DMZ



What if we have a test server that requires VPN connection to
external vendor. is it advisable to put it in DMZ (since DMZ
is should only be for production servers), or better to keep
it inside the network ? Please support your views with
evidences if possible

Who ever said the DMZ was only for production servers? It's
for servers that need to be able to accept inbound connections
from the Internet.
That VPN connection FROM the external vendor qualifies. Far
better it should be in the DMZ than that you let that traffic --
or something spoofing to look like it! -- into a trusted portion
or your secured network....

David Gillett


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------



Relevant Pages

  • Re: Placing Test Server in DMZ
    ... is it advisable to put it in DMZ (since DMZ is should only be ... for production servers), or better to keep it inside the network? ... Test servers should not be on either your LAN or the network with your ... and give the external vendor VPN access to that ...
    (Security-Basics)
  • [fw-wiz] PIX Questions.
    ... Is it possible to limit the number of inbound connections ... host/port combo in DMZ. ... How about the PIX? ...
    (Firewall-Wizards)