Educause Security Discussion mailing list archives

Philosophy of DMZ

From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Tue, 19 Apr 2005 16:30:57 -0500

I've run into a situation where a solution we are implementing requires
a web server to be on our inside network but needs to be accessed
externally.  This is happening much more frequently than I would like.
We're doing some long-term planning and my office would like some
feedback from other institutions.  

If I'm going to have to keep adding servers that can be accessed
directly, is there still reason to have a DMZ? My understanding of
having a DMZ, is to not allow public external access to internal servers
and all requests to internal servers should be answered by a
proxy/reverse proxy server.  Am I just an idealist?  

Can anyone share experiences with proxying?  Anyone ever scrap their
DMZ?  Any policies that you can share on external access to internal web
servers? 

Jake Barros
Grace College

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Philosophy of DMZ Barros, Jacob (Apr 19)
- <Possible follow-ups>
- Re: Philosophy of DMZ Steven Osit (Apr 19)
- Re: Philosophy of DMZ Michael J. Benedetto (Apr 19)
- Re: Philosophy of DMZ Scholz, Greg (Apr 19)
- Re: Philosophy of DMZ Barros, Jacob (Apr 19)
- Re: Philosophy of DMZ Ron Parker (Apr 19)
- Re: Philosophy of DMZ Mills, Michael (Apr 20)
- Re: Philosophy of DMZ Davis, Thomas R. (Apr 20)
- Re: Philosophy of DMZ Daniel Adinolfi (Apr 20)
- Re: Philosophy of DMZ Scholz, Greg (Apr 20)
- Re: Philosophy of DMZ Kowal, Michael (Apr 20)

(Thread continues...)