Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Basic Network Configuration

From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Wed, 15 Oct 2003 09:28:14 +1000
Hi KC,
A traditional setup, and a good one. If possible don't allow any direct comms from the LAN to the internet, or at least 
limit it.



internet<-------------------->Firewal<-------------------->LAN---------Internet proxy
                                                  |                                            |—------Mail Server
                                                  |                                            |—------DNS Server
                                               DMZ
                                        Internet Proxy
                                           Mail Relay
                                                DNS


Regards
Ivan


Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au


"Smith, KC" <ksmith () systemsalliance com> 10/15/03 02:40am >>>

All,

Okay I know this is truly a basic question, but this is after all the "security-BASICS" list!

Most LAN configs I've seen include two, separate pieces of hardware to define the DMZ.  A firewall on the outside and 
another firewall or policy switch on the inside is usually how I've seen that handled.

My new company uses 3 separate NICs in the same firewall.  One for inbound, one for the LAN and one for the DMZ.  Each 
has it's own address block.

It seems like using the firewall to do this makes sense, but I'd appreciate some external confirmation on that.

The second issue is this: is there a rule of thumb to determine what should and should not go in the DMZ vs. the LAN?  
It seems to me that anything that requires access from outside the network (Ex. DNS servers, Mail servers, demo 
servers, etc.) should go in the DMZ.  True?

Thanks in advance.
KC Smith


---------------------------------------------------------------------------
----------------------------------------------------------------------------







***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used 
for the intended purpose only and are to be kept confidential at all times.
This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this 
information should be deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: