DMZ or no DMZ architecture?

DMZ or no DMZ architecture?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
DMZ or no DMZ architecture? tabletoni 07-19-2007
Posted by on July 19, 2007, 7:45 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi group! My company IT network architecture actually is based on
separation between DMZ zone (Mail, Web and DNS servers) and intranet
zone (Windows 2000 AD, Exchange and internals aplication servers)
managed by IPCOP Box (orange and green zone). IPCop is also used as
external firewall/NAT/Proxy. We have a security audition by an
external company and they recommend to eliminate DMZ zone and
integrate all servers into an high disponibility linux cluster. I
think that this is not a really good idea and there's not
justification to eliminate DMZ zone, perhaps it would be more secure
to have 2 clusters, one in DMZ and the other one in green zone. Am I
thinking OK? Any sugestion? Thanks in advance


Posted by Wolfgang Kueter on July 19, 2007, 9:38 am
If you were  Registered and logged in, you could reply and use other advanced thread options
tabletoni@gmail.com wrote:


> We have a security audition by an
> external company and they recommend to eliminate DMZ zone and
> integrate all servers into an high disponibility linux cluster. I

They seem to have no clue, so I'd recommend you don't pay them.

> I think that this is not a really good idea and there's not
> justification to eliminate DMZ zone,

It is correct, to put servers that offer public services in one or more
seperate subnets.

> perhaps it would be more secure
> to have 2 clusters, one in DMZ and the other one in green zone. Am I
> thinking OK? Any sugestion?

There is nothing wrong with clustering and there is nothing wrong with
subnetting.

Wolfgang

Similar ThreadsPosted
How to create a manageable DMZ architecture? November 20, 2007, 3:19 am

The site map in XML format XML site map

Contact Us | Privacy Policy