Security Basics mailing list archives

Re: Placing Test Server in DMZ

From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 20 Mar 2009 08:54:55 +0100

On 2009-03-19 ahgaber_rehan () yahoo com wrote:

What if we have a test server that requires VPN connection to external
vendor. is it advisable to put it in DMZ (since DMZ is should only be
for production servers), or better to keep  it inside the network ?


Test servers should not be on either your LAN or the network with your
productive servers, but on a network of their own. Also external vendors
should not have access to your LAN, unless there's a really good reason
to grant them access.

You aren't limited to having just one DMZ. Create a second DMZ, put the
test server in there, and give the external vendor VPN access to that
DMZ.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------

Current thread:

Placing Test Server in DMZ ahgaber_rehan (Mar 19)
- RE: Placing Test Server in DMZ Craig S. Wright (Mar 19)
- RE: Placing Test Server in DMZ David Gillett (Mar 20)
- Re: Placing Test Server in DMZ Ansgar Wiechers (Mar 24)