Educause Security Discussion mailing list archives

Re: Rethinking the DMZ

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Thu, 30 Aug 2012 19:11:19 -0400

Hi,

Columbia University has been running an open network for many years - if you search for my name and educause, you will find some of my presentations - you canget a good idea of how we do it from them


Enjoy!
Joel Rosenblatt

Joel Rosenblatt, Director, Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3



--On Thursday, August 30, 2012 9:09 PM +0000 "Youngquist, Jason R." <jryoungquist () CCIS EDU> wrote:

We are thinking about changing our network architecture.


As our network has grown and the complexity of our public facing systems and connectivity needs of those systems has 
increased, we are wondering what value
our DMZ delivers.



As an example, public facing systems in the DMZ that require access to LDAP/AD for AAA, SQL for database lookups, 
Exchange for mail delivery and relay, etc.



For those of you with non-trivial public facing systems, where do you draw the balance line between security and 
access?  If our most visible public facing
systems (most likely to be attacked) require internal AAA & SQL access, what are we protecting?



Given current system requirements and the evolution of security, are the reasons for setting up a DMZ 15 years ago 
still valid, and is the value of
maintaining a DMZ worth the associated costs and if not, what are the alternatives?





Thanks.

Jason Youngquist, CISSP

Information Technology Security Engineer

Technology Services

Columbia College

1001 Rogers Street, Columbia, MO  65216

(573) 875-7334

jryoungquist () ccis edu<mailto:jryoungquist () ccis edu>

http://www.ccis.edu




Joel Rosenblatt, Director, Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

Current thread:

Rethinking the DMZ Youngquist, Jason R. (Aug 30)
- Re: Rethinking the DMZ Jeff Moore (Aug 30)
- Re: Rethinking the DMZ Joel Rosenblatt (Aug 30)
- Re: Rethinking the DMZ Harry Hoffman (Aug 30)
  - Re: Rethinking the DMZ John Hoffoss (Aug 31)
- Re: Rethinking the DMZ Julian Y Koh (Sep 04)
  - Re: Rethinking the DMZ Deke Kassabian (Sep 04)
    - Re: Rethinking the DMZ Haines, Ena (Sep 06)
    - Re: Rethinking the DMZ John Ladwig (Sep 06)
    - Re: Rethinking the DMZ Mike Caudill (Sep 06)
    - Re: Rethinking the DMZ Jeff Kell (Sep 06)
    - Re: Rethinking the DMZ Mike Caudill (Sep 06)
    - Re: Rethinking the DMZ David Byers (Sep 06)

(Thread continues...)