Security Basics mailing list archives
Re: Basic Network Configuration
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Wed, 15 Oct 2003 09:28:14 +1000
Hi KC,

A traditional setup, and a good one. If possible don't allow any direct comms from the LAN to the internet, or at least limit it.

internet<-------------------->Firewall<-------------------->LAN---------Internet proxy
                                  |                          |----------Mail Server
                                  |                          |----------DNS Server
                                 DMZ
                            Internet Proxy
                            Mail Relay
                            DNS

Regards
Ivan

Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

"Smith, KC" <ksmith () systemsalliance com> 10/15/03 02:40am >>>
All,

Okay I know this is truly a basic question, but this is after all the "security-BASICS" list!

Most LAN configs I've seen include two, separate pieces of hardware to define the DMZ. A firewall on the outside and another firewall or policy switch on the inside is usually how I've seen that handled. My new company uses 3 separate NICs in the same firewall. One for inbound, one for the LAN and one for the DMZ. Each has its own address block. It seems like using the firewall to do this makes sense, but I'd appreciate some external confirmation on that.

The second issue is this: is there a rule of thumb to determine what should and should not go in the DMZ vs. the LAN? It seems to me that anything that requires access from outside the network (Ex. DNS servers, Mail servers, demo servers, etc.) should go in the DMZ. True?

Thanks in advance.

KC Smith
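The three-interface layout and the "no direct LAN to internet" advice from this thread, modelled as an added example that is not part of either message: a default-deny rule table plus a check that no rule lets traffic bypass the DMZ. All addresses, host names and the proxy port are constructed assumptions, as is the reading of the diagram in which each LAN server talks only to its DMZ counterpart.

```python
import ipaddress

# Constructed address plan (assumption): one block per firewall NIC.
ZONES = {"lan": ipaddress.ip_network("10.0.0.0/24"),
         "dmz": ipaddress.ip_network("192.168.100.0/24")}
# Constructed hosts (assumption): each LAN server has a DMZ counterpart.
LAN_PROXY, LAN_MAIL, LAN_DNS = "10.0.0.10", "10.0.0.25", "10.0.0.53"
DMZ_PROXY, DMZ_RELAY, DMZ_DNS = ("192.168.100.10", "192.168.100.25",
                                 "192.168.100.53")

# (src zone, src host, dst zone, dst host, proto, port); None = any host.
# Rules describe who may open a connection; replies are assumed to be
# handled by stateful tracking. Anything unlisted is denied.
RULES = [
    ("lan", LAN_PROXY, "dmz", DMZ_PROXY, "tcp", 3128),  # port is an assumption
    ("lan", LAN_MAIL, "dmz", DMZ_RELAY, "tcp", 25),
    ("lan", LAN_DNS, "dmz", DMZ_DNS, "udp", 53),
    ("dmz", DMZ_RELAY, "lan", LAN_MAIL, "tcp", 25),     # inbound mail delivery
    ("dmz", DMZ_PROXY, "internet", None, "tcp", 80),
    ("dmz", DMZ_PROXY, "internet", None, "tcp", 443),
    ("dmz", DMZ_RELAY, "internet", None, "tcp", 25),
    ("dmz", DMZ_DNS, "internet", None, "udp", 53),
    ("internet", None, "dmz", DMZ_RELAY, "tcp", 25),
    ("internet", None, "dmz", DMZ_DNS, "udp", 53),
]

def zone_of(addr):
    """Map an address to the firewall interface (zone) it sits behind."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def decide(src, dst, proto, port, rules=RULES):
    """Return 'allow' if some rule permits this new connection, else 'deny'."""
    for s_zone, s_host, d_zone, d_host, r_proto, r_port in rules:
        if ((s_zone, d_zone) == (zone_of(src), zone_of(dst))
                and s_host in (None, src) and d_host in (None, dst)
                and (r_proto, r_port) == (proto, port)):
            return "allow"
    return "deny"

def zone_bypass(rules=RULES):
    """Rules that connect LAN and internet directly, skipping the DMZ."""
    return [r for r in rules if {r[0], r[2]} == {"lan", "internet"}]
```

An empty result from `zone_bypass()` means every path between the LAN and the internet has to terminate on a DMZ host first.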