Firewall Wizards mailing list archives

Re: Flat vs Segmented DMZ's


From: Dave Piscitello <dave () corecom com>
Date: Wed, 06 Nov 2002 14:35:47 -0500


First, I assume you mean "multiple DMZ segments", not "there's a DMZ LAN
behind my firewall, then a router, then another LAN"... if correct, then proceed,
if not, ignore...

What's the business rationale for segmenting?

I know that for a hosting company/IDC, you might segment according to customer needs and feeds - if you have 100 Mbps into the data center, you may use VLANs and traffic enforcement to give 20 subscribers individualized security policy and a bandwidth commitment.

If you're an enterprise, are you trying to compartmentalize business units? Allocate and prioritize bandwidth across business units or special-purpose servers? Unique security policies per DMZ segment?

At 08:28 AM 11/6/2002 -0800, WhtWlf2001 wrote:
I'm hoping to get some feedback (Pros/Cons) from the list members on a Flat vs. Segmented DMZ structure. We currently have about 20 hosts segmented off to 4-5 different DMZ interfaces on a CP firewall. With the exception of having a separate MGMT DMZ, I'm curious about the benefits/detriments to having this segmented infrastructure. Today we offer only limited web services (http,ftp,owa) via the web.

Thanks in advance for your reply.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


David M. Piscitello
Core Competence, Inc.
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com


