Re: Shared DMZ liability

[Frank Willoughby <frankw () in net>]

At 01:22 PM 8/18/98 -0400, Allen Todd wrote:
> Hi,
>
> I'm interested in whether anyone has any specific 
> knowledge about corporate liablility resulting from
> the use of a shared DMZ for external data providers.
>
> Currently, we setup a seperate DMZ for each external
> vendor but we are under management pressure to reduce
> costs for a remote office by consolidating multiple 
> vendors onto a single interface.  I am worried that
> the vendors will be able to see each others traffic
> on the DMZ and what kind of exposure this would 
> bring to my company.
>
> Thanks for any input or references,
>
> Allen Todd
> todd () susq com

If the vendors can see each other's traffic, then your potential
legal liabilities may be substantial (as always, get legal advice
from a lawyer, not here).

I know of instances where this happened.  Usually the parties
will settle out of court - primarily because each of them made 
mistakes which contributed to the situation.

I would recommend that you get an expert to design your DMZ network
connection and/or at least get it verified by someone who knows what
they are doing in this area.

Best Regards,


Frank

The opinions of the author of this mail may not necessarily be 
representative of the opinions of Fortifed Networks, Inc.

(c) Fortified Networks, Inc. - http://www.fortified.com/
Home of the Free Internet Firewall Evaluation Checklist
Expert (vendor-neutral) Computer and Network Security Solutions
Fixed Price Contracts - Expert Information Security Officers
Phone: (317) 573-0800     Fax: (317) 573-0817