RE: DMZ or not ?

From: Moore, James (James.Mooreat_private)
Date: Fri Oct 08 1999 - 15:52:43 PDT


    Could someone expand on this advice, and list/explain the additional risks
    assumed by operating between the router and firewall (as opposed to
    operating off a third firewall interface)?
    
    James Moore
    
    > -----Original Message-----
    > From:	Thomas Crowe [SMTP:thomas.croweat_private]
    > Sent:	Friday, October 08, 1999 7:29 AM
    > To:	fgbat_private; firewall-wizardsat_private
    > Subject:	RE: DMZ or not  ?
    > 
    > That depends a lot on what definition of a DMZ you're using!  If you mean the
    > classical definition of a DMZ, i.e. in between the router and the firewall,
    > *unprotected* except by router ACLs, then my advice would be, don't do it,
    > not under any circumstances! (OK, maybe one or two circumstances.)  If you're
    > referring to the somewhat more contemporary definition of a DMZ, i.e. another
    > interface off your firewall, where all traffic must still traverse the
    > firewall, then I would say go for it; that way *when* your public machines
    > get hacked your internal network is still protected. This is good; very good
    > :-).  NAT is a good thing but it is security through obscurity, which isn't
    > very secure in and of itself.  Just my $0.02
    > 
    > Thomas Crowe
    > Production Network Systems Administrator
    > BellSouth Online
    > 678-441-7454
    > 
    > > -----Original Message-----
    > > From: owner-firewall-wizardsat_private
    > > [mailto:owner-firewall-wizardsat_private]On Behalf Of
    > > fgbat_private
    > > Sent: Wednesday, October 06, 1999 9:57 AM
    > > To: firewall-wizardsat_private
    > > Subject: DMZ or not ?
    > >
    > >
    > > Hello wizards,
    > >
    > > Divergences are occurring here in my office about the use of a
    > > DMZ, and I hope the wizards will give me some explanations and/or
    > > secure information about the better
    > > implementation.
    > >
    > > Currently, we're using Linux as a firewall box, with port
    > > forwarding to our mail server, which is behind the firewall.
    > >
    > > We are now about to install a public web server and a DNS
    > > server. What are the advantages and disadvantages of placing these
    > > servers behind the firewall and performing
    > > NAT or port forwarding, instead of using a DMZ?
    > >
    > > Which of the options should I implement here in my office, to
    > > have a secure site?
    > >
    > > Thanks and regards,
    > >
    > > Fábio Baptista
    > > fgbat_private
    > >
    > >
    > >
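
The "interface off your firewall" layout discussed in this thread, sketched as a forwarding policy for a Linux firewall with three interfaces. This is an added example, not part of the original messages; it uses nftables syntax, which is newer than the thread. The interface names (eth0 Internet, eth1 internal LAN, eth2 DMZ) and the addresses are constructed assumptions, and only forwarded traffic is covered, not traffic to the firewall host itself.

```nft
#!/usr/sbin/nft -f
# Added example: three-interface ("third leg") DMZ forwarding policy.
# All names and addresses below are assumptions, not values from the thread.
flush ruleset

define WAN = "eth0"          # toward the border router / Internet
define LAN = "eth1"          # internal network
define DMZ = "eth2"          # public web and DNS servers
define WEB = 203.0.113.10    # constructed address (documentation range)
define DNS = 203.0.113.53    # constructed address (documentation range)

table inet filter {
    chain forward {
        # Anything not explicitly allowed between interfaces is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an earlier rule allowed.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services.
        iifname $WAN oifname $DMZ ip daddr $WEB tcp dport 80 accept
        iifname $WAN oifname $DMZ ip daddr $DNS meta l4proto { tcp, udp } th dport 53 accept

        # LAN -> Internet and LAN -> DMZ: inside hosts may open connections.
        iifname $LAN oifname { $WAN, $DMZ } accept

        # DMZ -> LAN: a public server never opens a connection inward.
        # The policy would drop this anyway; the explicit rule adds a log
        # line, so an attempt from a compromised DMZ host is visible.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " drop

        # Everything else (Internet -> LAN, new DMZ -> Internet) hits policy drop.
    }
}
```

With the servers placed between the router and the firewall instead, none of these rules sit in front of them; the router ACLs are their only filter.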
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:35 PDT