Firewall Wizards mailing list archives
Re: DMZ or not ?
From: Frederick M Avolio <fred () avolio com>
Date: Fri, 08 Oct 1999 13:08:59 -0400
At 11:57 AM 10/6/99 -0200, fgb () domain com br wrote:
We are in way now, to install a public web server and a DNS server. What are de advantages and disadvantages of placing this servers behind the firewall and performNAT or Port forwarding, instead of using a DMZ ?
I try not to let such open communication like this from outside to inside. Also, typically one cares about performance when one is setting up a web server.
I like the web server outside the main firewall but behind a filtering router. Allow only web traffic from outside to the web server. I turn off all services on the firewall except the http server (and maybe a telnet or ssh server but only allow such traffic from the inside (from the main firewall), remove any user accounts, require admin with non-reusable passwords, and strip out any extra tools not needed by a web server. Then put a system monitoring program on the web server.
Fred Avolio Consulting 16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US +1 410-309-6910 (voice) +1 410-309-6911 (fax) http://www.avolio.com/
Current thread:
- DMZ or not ? fgb (Oct 06)
- RE: DMZ or not ? Thomas Crowe (Oct 08)
- Re: DMZ or not ? Frederick M Avolio (Oct 12)
- <Possible follow-ups>
- RE: DMZ or not ? Ben Nagy (Oct 12)
- RE: DMZ or not ? Moore, James (Oct 12)
- RE: DMZ or not ? Thomas Crowe (Oct 12)
- RE: DMZ or not ? Mike Coppage (Oct 13)
- RE: DMZ or not ? Thomas Crowe (Oct 16)
- Re: DMZ or not ? Mikael Olsson (Oct 16)
- Re: DMZ or not ? Cristiano Lincoln Mattos (Oct 12)
- RE: DMZ or not ? Harris Raymond D JR CIV AFAA/MSI (Oct 12)
- RE: DMZ or not ? sean . kelly (Oct 12)