Re: DMZ (De-militarized Zone)

From: John (jwholmes_at_earthlink.net)
Date: 12/02/03


Date: Tue, 02 Dec 2003 07:06:01 GMT

On Mon, 01 Dec 2003 05:27:24 -0800, Arman wrote:

> Hi Everybody
>
> I am prepared to create a DMZ network for all my testing and also a
> Safe zone for my file servers and so on! Currently inside our office
> there are several computers connected to a hub and then through a
> Cisco 800 series router which gets configured by our ISP! This router
> is capable of DMZ but it only has one cable port which is useless to
> me because the whole idea of DMZ is to create two separate networks
> where the two cannot talk to each other! Money is not exactly an
> issue here, but maximum security is my main consideration, so throw
> the best options at me as well as the cheap solutions too :P
>
> I would like to know your suggestions on whether I'm better off going
> ahead with a hardware firewall (Cisco routers for example) which is
> capable of DMZ the extra ports to separate my DMZ from my safe zone or
> I should go ahead with software firewalls (dedicate a Linux PC with
> firewall software and 3 NICs) to be used instead of a router/firewall? I
> know that if I use the software firewall solution then I don't have to
> do anything to my router or get the ISP guys to configure anything for
> me, so that's another plus for the software solution! If you think a
> hardware firewall/router is the way to go, please tell me what brands or
> types are good for a medium-size company? And also what software for
> the PC, if that's what you think I should do?
>
> Your help is appreciated

First of all, there is no "safe zone" unless it is a physically separate
network. Since you say they should not be able to talk to each other, that
is exactly what you should do. Since you seem to want an outside, DMZ
(actually a screened network but everyone calls it the wrong thing these
days) and inside, you can go either way. The best option for security is to
hire a competent security guy and have them set up whatever they know the
best. Not even a great firewall is worth a damn if you misconfigure it.

Wolfgang is wrong about wirecutters being the only hardware firewall. A
good vault door will do the trick almost as well as cutting the cable. ;)

Seriously, there are lots of choices. The right one is the one you feel
comfortable setting up and running. People will try to tell you X sucks or
Y is great but if you can't run it, it is a security risk.
 

-- 
___________
John Holmes
jwholmes@earthlink.net

