Educause Security Discussion mailing list archives

Re: Philosophy of DMZ


From: Daniel Adinolfi <dra1 () CORNELL EDU>
Date: Wed, 20 Apr 2005 10:13:34 -0400

On Apr 19, 2005, at 18:11, Barros, Jacob wrote:
We have some here of the impression that anything in the DMZ is a
'sacrificial lamb'.  This new solution is mission critical to the
institution.  Can you quell the nay-sayers' fears?  Any best practices
you can reference?

Jacob, et al.,

A DMZ should not be considered a sacrificial lamb.  Instead, it should
be considered a zone of control that has a unique set of requirements.
Each zone of control in your environment (different server areas, staff
nets, student nets, wireless, etc.) has different requirements.  If
you mix these zones, the lowest common denominator becomes the security
policy for all of them.  Instead, if you partition your network by the
security requirements demanded by the data resources on those networks,
you can create customized policies that affect the networks
specifically.

For a simplistic example, consider an environment where you have
servers with sensitive information that no one outside your network
needs access to and servers with data that the public need access to.
The security policy for the former will be much more strict than the
policy for the latter.  The former may require dual factor
authentication for access, very strict firewall rules, more extensive
auditing of network and systems activity, etc.  The latter requires
much more access and will include far more audit information, which
would be unmanageable if monitored.

If you separate these environments, you can apply your policies without
compromising the security of the more sensitive data while not making
the public data inaccessible.

This way of thinking comes in very handy when considering the types of
data we need to protect on campuses: FERPA, GLBA, HIPAA, etc.
Departments have servers that handle both legislated data and
non-legislated data.  If you separate these types of data, you can
apply policies much more easily.  This data-centric model is the core
of many of our information security efforts at Cornell.

Also, one can partition based on other factors, such as the users
(e.g., staff vs. students) or access requirements (does anyone really
need to hit your printers from off-campus?).

So, the traditional idea of "DMZ vs. not DMZ" is a bit obsolete.
Instead, partition your network and systems based on their security
requirements and implement the technology to satisfy those requirements
for each partition.

Feel free to contact me if you have any questions.

-Dan
_________________
Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of Information Technologies
email: dra1 () cornell edu   phone: 607-255-7657

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
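The partitioning argument above, as an added example that is not part of Dan's message: a small Python check that flags hosts sitting in a zone weaker than their data requires, including the "lowest common denominator" effect of mixing public-facing and sensitive hosts in one zone. Zone names, per-data-class requirements and the host inventory are constructed assumptions.

```python
from dataclasses import dataclass
# Added example (not from the post): check that each host sits in a zone whose
# exposure and controls satisfy the data it handles. All names/values constructed.
EXPOSURE_RANK = {"none": 0, "campus": 1, "internet": 2}   # how far inbound access reaches

# Minimum control each data class demands (FERPA/HIPAA are named in the post;
# the requirement values are illustrative assumptions).
DATA_CLASSES = {"public": {"mfa": False, "max_exposure": "internet"},
                "FERPA":  {"mfa": True,  "max_exposure": "campus"},
                "HIPAA":  {"mfa": True,  "max_exposure": "campus"}}
ZONE_MFA = {"public-web": False, "sensitive": True}  # MFA actually enforced per zone

@dataclass
class Host:
    name: str
    zone: str
    data: set               # data classes the host handles
    needs_access_from: str  # widest source that must reach it

def required_controls(data):
    """Controls demanded by the most sensitive data class present."""
    cs = [DATA_CLASSES[d] for d in data]
    return {"mfa": any(c["mfa"] for c in cs),
            "max_exposure": min((c["max_exposure"] for c in cs), key=EXPOSURE_RANK.get)}

def zone_exposure(hosts):
    """Effective exposure of a zone is the widest access any member needs:
    the lowest common denominator the post warns about."""
    exp = {}
    for h in hosts:
        if EXPOSURE_RANK[h.needs_access_from] > EXPOSURE_RANK[exp.get(h.zone, "none")]:
            exp[h.zone] = h.needs_access_from
    return exp

def find_violations(hosts):
    """(host, reason) pairs where a host's zone is weaker than its data requires."""
    exp, out = zone_exposure(hosts), []
    for h in hosts:
        need = required_controls(h.data)
        if EXPOSURE_RANK[exp[h.zone]] > EXPOSURE_RANK[need["max_exposure"]]:
            out.append((h.name, f"zone reachable from {exp[h.zone]}, data allows {need['max_exposure']}"))
        if need["mfa"] and not ZONE_MFA[h.zone]:
            out.append((h.name, "data requires MFA, zone does not enforce it"))
    return out

# Constructed inventory: a FERPA database co-located with the public web server.
INVENTORY = [Host("www", "public-web", {"public"}, "internet"),
             Host("registrar-db", "public-web", {"FERPA"}, "campus"),
             Host("hr-records", "sensitive", {"HIPAA", "public"}, "campus")]
```

Running `find_violations(INVENTORY)` reports the registrar database twice (the shared zone is Internet-reachable because of the web server, and it lacks MFA); moving that host to the "sensitive" zone clears both findings.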
