Security Basics mailing list archives

Re: Basic Network Configuration


From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 14 Oct 2003 17:18:45 -0700

From: "Smith, KC" <ksmith () systemsalliance com>
Most LAN configs I've seen include two separate pieces of hardware to define the DMZ. A firewall on the outside and another firewall or policy switch on the inside is usually how I've seen that handled. My new company uses 3 separate NICs in the same firewall. One for inbound, one for the LAN and one for the DMZ. Each has its own address block. It seems like using the firewall to do this makes sense, but I'd appreciate some external confirmation on that.

In theory, two separate and different devices add to your security by reducing the single point of failure; however, this depends heavily on how many administrative resources you have available.

The second issue is this: is there a rule of thumb to determine what should and should not go in the DMZ vs. the LAN? It seems to me that anything that requires access from outside the network (Ex. DNS servers, Mail servers, demo servers, etc.) should go in the DMZ. True?

You're pretty much on the ball there.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"We are successful when our bosses wonder what it is we do all day." -- Tim Mullen
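
An added example, not part of the original posts: the three-NIC layout discussed in the thread (outside, LAN, DMZ, each with its own address block) written as an nftables ruleset with default-deny forwarding between the zones. Interface names, addresses and the internal mail host are assumptions made up for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example: every name and address below is an assumption
# (documentation / private ranges), not a value from the thread.
flush ruleset

define WAN_IF   = "eth0"        # outside ("inbound") NIC
define LAN_IF   = "eth1"        # internal LAN NIC
define DMZ_IF   = "eth2"        # DMZ NIC
define DMZ_DNS  = 192.0.2.10    # hypothetical public DNS server
define DMZ_MAIL = 192.0.2.20    # hypothetical public mail relay
define LAN_MAIL = 10.0.0.25     # hypothetical internal mail store

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # The firewall itself is managed from the LAN side only.
        iifname $LAN_IF tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Outside -> DMZ: only the services that must be reachable.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_DNS udp dport 53 accept
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_DNS tcp dport 53 accept
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_MAIL tcp dport 25 accept

        # LAN -> DMZ and LAN -> outside: initiated from the trusted side.
        iifname $LAN_IF oifname { $DMZ_IF, $WAN_IF } accept

        # DMZ -> outside: each server only speaks its own protocol.
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DMZ_DNS udp dport 53 accept
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DMZ_DNS tcp dport 53 accept
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DMZ_MAIL tcp dport 25 accept

        # DMZ -> LAN: one narrow flow (relay hands mail to the internal store).
        iifname $DMZ_IF oifname $LAN_IF ip saddr $DMZ_MAIL ip daddr $LAN_MAIL tcp dport 25 accept

        # Outside -> LAN has no rule: it is logged, then hits the drop policy.
        log prefix "fwd-drop " counter
    }
}
```

Because all three zones meet in one forward chain, a single mistaken rule here can expose the LAN, which is the single-point-of-failure trade-off raised in the reply.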
