RE: [FW1] DMZ advantages
A properly implemented DMZ will add security to your network. There are 2 types of DMZs, protected and unprotected. An unprotected DMZ is the area between your border router and your firewall. A protected DMZ is off to the side of your firewall. Either way, the setup and types of machines you'd place there would be the same. This is where you place your web servers, mail servers, DNS, etc. Basically anything that the outside world has contact with.

The rules are simple:

1. anyone on the internet can access these machines,
2. anyone on your network can access these machines,
3. these machines cannot access your protected network,
4. the internet cannot access your protected network.

(Yes, it can reply, it can't initiate.) I.e., if you put your DNS box out there, you can query it, and it can reply, but it cannot initiate a connection into your protected network.

So anything in the DMZ is not a part of your NT Domain, nor is it a trusted domain. You should consider these boxes to be "hostile", or at least as unfriendly as you'd consider anything else on the internet. You have to be willing to lose anything in your DMZ.

If you implement a protected DMZ (recommended) you have substantially more protection, i.e., only SMTP can get to your mail server, only HTTP can get to your web server, only DNS over UDP can get to your DNS server.

-----Original Message-----
From: MARIO MORENO CUERVO [mailto:[email protected]]
Sent: Wednesday, June 20, 2001 7:23 AM
To: '[email protected]'
Subject: [FW1] DMZ advantages

Hello Gurus

We are thinking about implementing a DMZ in our network. Could you please share your experience (advantages and disadvantages) working with DMZs.

Thanks a lot for your help.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
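The four rules in the reply above, plus the per-service restriction of a protected DMZ, can be checked mechanically against a rule base. The following is an added example, not part of the original thread and not FireWall-1 syntax: it assumes a simplified first-match, stateful rule model, and the addresses, zone names and both rule bases are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan and hosts (assumptions, not from the post).
ZONES = {"internal": ipaddress.ip_network("10.0.0.0/24"),
         "dmz": ipaddress.ip_network("192.0.2.0/28")}
# Published DMZ services named in the post: SMTP, HTTP, DNS over UDP.
PUBLISHED = {("192.0.2.2", "tcp", 25), ("192.0.2.3", "tcp", 80), ("192.0.2.4", "udp", 53)}
PROBE = {"internet": "198.51.100.7", "internal": "10.0.0.20", "dmz": "192.0.2.3"}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def decide(rules, src, dst, proto, port):
    """First-match verdict for a NEW connection (replies ride on state); default drop."""
    for r_src, r_dst, r_proto, r_port, action in rules:
        if (r_src in ("any", zone_of(src)) and r_dst in ("any", dst, zone_of(dst))
                and r_proto in ("any", proto) and r_port in ("any", port)):
            return action
    return "drop"

def audit(rules):
    """List every probe where the rule base breaks the post's four rules."""
    findings = []
    for proto, port in [("tcp", 25), ("tcp", 80), ("udp", 53), ("tcp", 445)]:
        for src in ("dmz", "internet"):  # rules 3 and 4: no initiating inward
            if decide(rules, PROBE[src], PROBE["internal"], proto, port) == "accept":
                findings.append(f"{src} -> internal {proto}/{port} accepted")
        for host in sorted({h for h, _, _ in PUBLISHED}):
            want = "accept" if (host, proto, port) in PUBLISHED else "drop"
            # rule 1, narrowed for a protected DMZ: only the published service
            if decide(rules, PROBE["internet"], host, proto, port) != want:
                findings.append(f"internet -> {host} {proto}/{port} should be {want}")
            # rule 2: the internal network can reach the published service
            if want == "accept" and decide(rules, PROBE["internal"], host, proto, port) != "accept":
                findings.append(f"internal -> {host} {proto}/{port} should be accept")
    return findings

# Two constructed rule bases: (src zone, dst zone or host, proto, port, action).
WEAK = [("any", "dmz", "any", "any", "accept"),
        ("dmz", "internal", "tcp", 445, "accept")]  # DMZ host joined to the domain
PROTECTED = [("internal", "dmz", "any", "any", "accept")] + \
            [("internet", h, p, n, "accept") for h, p, n in sorted(PUBLISHED)]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("PROTECTED", PROTECTED)):
        print(name, audit(rules) or "ok")
```

The WEAK rule base fails because every DMZ host is reachable on every port and one DMZ host may open a connection inward; the PROTECTED one passes with only the three published services exposed.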