Firewall Wizards mailing list archives
Re: DMZ best practices
From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Tue, 19 Jan 1999 10:24:39 PST
I can think of 2 reasons why you would want to hang machines off a third-interface of a firewall, as opposed to off a hub in from of the firewall;
(reasons omitted) Yes - these are perfectly valid. My point was not that you shouldn't hang machines off of a third NIC - in some cases you should. My point was that _if_ you do do that, don't call it a DMZ, because it is not the DMZ. I was haggling not about security policy, but about nomenclature. As far as keeping www and mail, etc. behind the firewall, note that my original email stated "behind _a_ firewall" and your email said they should not be kept behind _the_ firewall. If you only have one firewall, then YMMV. I said _a_ firewall because I wanted to denote that mail and www do _not_ belong in the DMZ. I don't care where you put them, and you are correct that putting them behind _THE_ firewall may not be such a hot idea, but putting them behind _a_ firewall is imperative. The DMZ is the area between the router and the firwall. Don't put critical machines of any kind in the DMZ. The machines hanging off of the third NIC do _not_ constitute a DMZ, no matter what your vendor tells you. kozubik - John Kozubik - john_kozubik () hotmail com PGP DSS: 0EB8 4D07 D4D5 0C28 63FE AD87 520F 57BE 850B E4C4 ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- DMZ best practices Perry, David (Jan 15)
- Re: DMZ best practices Bennett Todd (Jan 19)
- <Possible follow-ups>
- Re: DMZ best practices John Kozubik (Jan 18)
- Re: DMZ best practices Jeromie Jackson (Jan 19)
- Re: DMZ best practices Amos Hayes (Jan 20)
- Re: DMZ best practices Dominique Brezinski (Jan 19)
- Re: DMZ best practices Jeromie Jackson (Jan 19)
- Re: DMZ best practices Bill_Royds (Jan 19)
- RE: DMZ best practices Andreas Haug (Jan 20)
- Re: DMZ best practices John Kozubik (Jan 20)
- Re: DMZ best practices Security (Jan 20)
- Re: DMZ best practices Dominique Brezinski (Jan 21)
- RE: DMZ best practices Bill_Royds (Jan 21)
- RE: DMZ best practices Andreas Haug (Jan 26)
- Re: RE: DMZ best practices Robert MACDONALD (Jan 21)
- Re: RE: DMZ best practices Joseph S D Yao (Jan 26)
- RE: DMZ best practices Security (Jan 26)
- RE: DMZ best practices Dominique Brezinski (Jan 26)
- RE: DMZ best practices David LeBlanc (Jan 27)
- DMZ best practices Arjen Rijpma (Jan 26)
(Thread continues...)