Security Basics mailing list archives

Re: Basic Network Configuration


From: Valter Santos <vsantola () devfusion net>
Date: Wed, 15 Oct 2003 15:00:59 +0100

On Tue, 2003-10-14 at 17:40, Smith, KC wrote:

> My new company uses 3 separate NICs in the same firewall.  One for inbound,
> one for the LAN and one for the DMZ.  Each has its own address block.
> It seems like using the firewall to do this makes sense, but I'd
> appreciate some external confirmation on that.

It's a very common practice in small to medium companies/networks. There
is no problem at all if everything is well configured.

> The second issue is this: is there a rule of thumb to determine
> what should and should not go in the DMZ vs. the LAN?  It seems
> to me that anything that requires access from outside the network
> (Ex. DNS servers, Mail servers, demo servers, etc.) should go in
> the DMZ.  True?

You are right... everything that needs public exposure should be placed
inside a DMZ (public mailservers, webservers, dns servers, etc.)...
you can even use more DMZs to separate some public servers from
others, but it is up to you. Public servers of any kind shouldn't be
placed inside a private LAN, since it's a major risk for the company's
private assets if some of these servers are compromised.

cheers,
/valter

-- 

---..---..---..---..---..---..---..---..---..---..---..---..----
Valter Santos
keys      @ http://devfusion.net/~vsantola/
E2A4B206  @ 99FA 3D80 4B54 BA70 7DD7 C751 47BA 49BC E2A4 B206
---------------------------------------------------------------
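
Added example, not part of the original message or thread: a minimal nftables forward policy for the three-NIC layout discussed above, showing public services published only in the DMZ and new DMZ-to-LAN connections dropped and logged. Interface names, the SSH admin rule and the 192.0.2.0/24 addresses are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Illustrative three-legged firewall policy (constructed values throughout).
flush ruleset

define WAN_IF = "eth0"          # inbound NIC (assumed name)
define LAN_IF = "eth1"          # private LAN NIC (assumed name)
define DMZ_IF = "eth2"          # DMZ NIC (assumed name)
define DMZ_WEB  = 192.0.2.80    # documentation-range sample addresses
define DMZ_MAIL = 192.0.2.25
define DMZ_DNS  = 192.0.2.53

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # Manage the firewall itself from the LAN only (assumed SSH admin).
        iifname $LAN_IF tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept

        # Internet -> DMZ: only the services each public server publishes.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_WEB tcp dport { 80, 443 } accept
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_MAIL tcp dport 25 accept
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_DNS meta l4proto { tcp, udp } th dport 53 accept

        # LAN -> DMZ and LAN -> Internet: connections initiated from inside.
        iifname $LAN_IF oifname { $DMZ_IF, $WAN_IF } accept

        # DMZ -> Internet: only what the servers need to originate.
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DMZ_MAIL tcp dport 25 accept
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DMZ_DNS meta l4proto { tcp, udp } th dport 53 accept

        # DMZ -> LAN: a compromised public server must not reach private
        # assets. Log attempts so they can be reviewed, then drop.
        iifname $DMZ_IF oifname $LAN_IF log prefix "DMZ->LAN blocked: " drop
        # No Internet -> LAN rule exists; the drop policy covers it.
    }
}
```

Log entries with the "DMZ->LAN blocked" prefix are worth alerting on, since a DMZ server has no legitimate reason under this policy to open connections into the LAN.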
