Firewall Wizards mailing list archives

Re: DMZ best practices

From: Amos Hayes <ahayes () polkaroo net>
Date: Tue, 19 Jan 1999 16:04:32 -0500 (EST)

On Mon, 18 Jan 1999, Jeromie Jackson wrote:

At 04:03 PM 1/16/99 -0800, John Kozubik wrote:

Now, what kind of machines would you put in the DMZ?  Not many, in my 
opinion.  Mail, news, www, etc. should _always_ be behind a firewall 
with a security policy in place.


Your  web server certainly should NOT be behind your firewall.  This would
completely compromise the function of the firewall.


I think people might have misunderstood John's comment. "A firewall" is
not necessarily "Your (one and only) firewall".

I would agree that all your servers should be behind a firewall. But that
doesn't mean that they should all be behind one of your _innermost_
firewalls.

--
Amos Hayes
ahayes () polkaroo net                  Ingenia Group - Software Kinetics Ltd.
http://polkaroo.net/~ahayes                     http://www.sofkin.ca

Current thread:

DMZ best practices Perry, David (Jan 15)
- Re: DMZ best practices Bennett Todd (Jan 19)
- <Possible follow-ups>
- Re: DMZ best practices John Kozubik (Jan 18)
  - Re: DMZ best practices Jeromie Jackson (Jan 19)
    - Re: DMZ best practices Amos Hayes (Jan 20)
  - Re: DMZ best practices Dominique Brezinski (Jan 19)
- Re: DMZ best practices Bill_Royds (Jan 19)
  - RE: DMZ best practices Andreas Haug (Jan 20)
- Re: DMZ best practices John Kozubik (Jan 20)
- Re: DMZ best practices Security (Jan 20)
  - Re: DMZ best practices Dominique Brezinski (Jan 21)
- RE: DMZ best practices Bill_Royds (Jan 21)
  - RE: DMZ best practices Andreas Haug (Jan 26)
- Re: RE: DMZ best practices Robert MACDONALD (Jan 21)
  - Re: RE: DMZ best practices Joseph S D Yao (Jan 26)

(Thread continues...)