Firewall Wizards mailing list archives

Re: Shared DMZ liability

From: "James Wilson" <netsurf () sersol com>
Date: Thu, 20 Aug 1998 05:03:11 -1000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Do you have enough real addresses to set them up on separate subnets
and enable split horizon?    Would that be enough to separate them
from each other?

- --
James D. Wilson
http://www.pixi.com/~netsurf/
"non sunt multiplicanda entia praeter necessitatem"
    William of Ockham (1285-1347/49)

- -----Original Message-----
From: Frank Willoughby <frankw () in net>
To: Allen Todd <todd () susq com>
Cc: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Wednesday, August 19, 1998 8:17 PM
Subject: Re: Shared DMZ liability

At 01:22 PM 8/18/98 -0400, Allen Todd wrote:


Hi,

I'm interested in whether anyone has any specific 
knowledge about corporate liablility resulting from
the use of a shared DMZ for external data providers.

Currently, we setup a seperate DMZ for each external
vendor but we are under management pressure to reduce
costs for a remote office by consolidating multiple 
vendors onto a single interface.  I am worried that
the vendors will be able to see each others traffic
on the DMZ and what kind of exposure this would 
bring to my company.

Thanks for any input or references,

Allen Todd
todd () susq com


If the vendors can see each other's traffic, then your potential
legal liabilities may be substantial (as always, get legal advice
from a lawyer, not here).

I know of instances where this happened.  Usually the parties
will settle out of court - primarily because each of them made 
mistakes which contributed to the situation.

I would recommend that you get an expert to design your DMZ network
connection and/or at least get it verified by someone who knows what
they are doing in this area.

Best Regards,


Frank

The opinions of the author of this mail may not necessarily be 
representative of the opinions of Fortifed Networks, Inc.

(c) Fortified Networks, Inc. - http://www.fortified.com/
Home of the Free Internet Firewall Evaluation Checklist
Expert (vendor-neutral) Computer and Network Security Solutions
Fixed Price Contracts - Expert Information Security Officers
Phone: (317) 573-0800     Fax: (317) 573-0817

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.5 for non-commercial use <http://www.nai.com>
Comment: All Spammers Are Thiefs - Support the Smith Bill

iQA/AwUBNdw6rzAufbtGOmgdEQK4VACg3zW8nyVM92G03vzNYkfJqxE+1FYAnR4Z
9jouEaW3+PXWjOd656q645jA
=DQs6
-----END PGP SIGNATURE-----

Current thread:

Shared DMZ liability Allen Todd (Aug 19)
- Re: Shared DMZ liability Bennett Todd (Aug 19)
- Re: Shared DMZ liability David Collier-Brown (Aug 19)
- Re: Shared DMZ liability Frank Willoughby (Aug 19)
- Re: Shared DMZ liability Rick Smith (Aug 23)
- <Possible follow-ups>
- Re: Shared DMZ liability James Wilson (Aug 23)
  - Re: Shared DMZ liability Frank Willoughby (Aug 23)
- Re[2]: Shared DMZ liability Steve . Bleazard (Aug 25)
  - Re: Re[2]: Shared DMZ liability Chad Schieken (Aug 25)
- Re[4]: Shared DMZ liability Steve . Bleazard (Aug 26)