Educause Security Discussion mailing list archives

Re: Philosophy of DMZ


From: "Davis, Thomas R." <tdavis () IU EDU>
Date: Wed, 20 Apr 2005 08:59:23 -0500

 
----Original Message----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, Jacob
Sent: Tuesday, April 19, 2005 5:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Philosophy of DMZ

We have some here of the impression that anything in the DMZ is a
'sacrificial lamb'.  This new solution is mission critical to the
institution.  Can you quell the nay-sayer's fears?  Any best
practices you can reference?

If you talk to two different people, you'll get (at least) two
different definitions of what a DMZ is.  ;-)  One could be the area
between a border router and the firewall; another could be a screened
subnet off of your firewall.  IMHO, the latter is a "best practice"
in that you can instrument it with an IDS and monitor it much closer
than you could the former.

-- 
Tom Davis, IT Security Officer, CISSP, CISM, GCIA
Office of the VP for Information Technology, Indiana University
PGP key or S/MIME certificate: https://itso.iu.edu/Tom_Davis

