Firewall Wizards mailing list archives
segmentation of DMZs
From: "Shimon Silberschlag" <shimons () bll co il>
Date: Thu, 14 Nov 2002 12:35:21 +0200
As a spin-off for the thread "Flat vs. Segmented DMZ's", I would like to ask the group if they support/oppose segmenting even segments conducting the same work into sub-segments.

Let's say we have a hypothetical internet infrastructure composed of 3 different segments: presentation, business logic and databases. The inter-segment traffic is controlled using switch level protection - either "protected ports" if layer 2 or ACLs if layer 3.

Now, some folks here offer to further segment the infrastructure by having separate physical segments for presentation servers (WWW) that provide authenticated services (and hence have as audience a small subset of the internet crowd but do provide much more sensitive information) and those that are not authenticated (thus can serve the entire internet population). They also would like to break the database segment into 2 sub-segments for "sensitive" databases and those that are "not so sensitive".

I would like to enquire if anyone in the group either implemented such a design or supports it, and what are the reasons for doing so. If you think this is overkill, pls do specify why.

Shimon Silberschlag
+972-3-9352785
+972-51-207130

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards