
RE: [FW1] DMZ advantages



A properly implemented DMZ will add security to your network.  
There are 2 types of DMZs, protected and unprotected.
An unprotected DMZ is the area between your border router and your firewall.
A protected DMZ is off to the side of your firewall.  
Either way, the setup and types of machines you'd place there would be the
same.  This is where you place your web servers, mail servers, DNS, etc.
Basically anything that the outside world has contact with.  

The rules are simple:
1. anyone on the internet can access these machines,
2. anyone on your network can access these machines,
3. these machines cannot access your protected network,
4. the internet cannot access your protected network (yes, it can reply; it
can't initiate).
I.e., if you put your DNS box out there, you can query it, and it can reply,
but it cannot initiate a connection into your protected network.
So anything in the DMZ is not a part of your NT Domain, nor is it a trusted
domain.  You should consider these boxes to be "hostile" or at least as
unfriendly as you'd consider anything else on the internet.  You have to be
willing to lose anything in your DMZ.  If you implement a protected DMZ
(recommended) you have substantially more protection, i.e., only SMTP can get
to your mail server, only HTTP can get to your web server, only DNS over UDP
can get to your DNS server.

-----Original Message-----
From: MARIO MORENO CUERVO [mailto:[email protected]]
Sent: Wednesday, June 20, 2001 7:23 AM
To: '[email protected]'
Subject: [FW1] DMZ advantages



Hello Gurus

We are thinking about implementing a DMZ in our network. Could you please
share your experience (advantages and disadvantages) working with DMZs.

Thanks a lot for your help.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
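
An added example, not part of the original message and not FireWall-1 syntax: a small Python audit that checks a rule base against the four rules and the per-service restriction of a protected DMZ described in the reply above. The zone names, host labels, `Rule` fields and sample rule base are constructed for illustration, and replies are assumed to be handled by stateful inspection, so only connection-initiating rules are listed.

```python
from dataclasses import dataclass

# Protected-DMZ service pinning as stated in the message: only SMTP to the
# mail server, only HTTP to the web server, only DNS over UDP to the DNS server.
# Host labels are constructed placeholders.
DMZ_SERVICES = {"mail": ("tcp", 25), "web": ("tcp", 80), "dns": ("udp", 53)}


@dataclass(frozen=True)
class Rule:
    """One 'allow new connection' rule; replies ride on stateful inspection."""
    src_zone: str  # "internet", "dmz" or "internal"
    dst_zone: str
    dst_host: str  # a DMZ_SERVICES key, or "any"
    proto: str
    port: int      # 0 means any port


def audit(rules):
    """Return (rule_number, finding) for every rule that breaks the DMZ policy."""
    findings = []
    for number, r in enumerate(rules, start=1):
        pair = (r.src_zone, r.dst_zone)
        if pair == ("dmz", "internal"):
            findings.append((number, "rule 3: DMZ host can initiate into the protected network"))
        elif pair == ("internet", "internal"):
            findings.append((number, "rule 4: internet can initiate into the protected network"))
        elif pair == ("internet", "dmz"):
            # Assumption: pinning is enforced on internet-sourced traffic only.
            if DMZ_SERVICES.get(r.dst_host) != (r.proto, r.port):
                findings.append((number, "protected DMZ: service not pinned to its server"))
    return findings


# Constructed sample rule base.
SAMPLE_RULES = [
    Rule("internet", "dmz", "web", "tcp", 80),
    Rule("internet", "dmz", "mail", "tcp", 25),
    Rule("internet", "dmz", "dns", "udp", 53),
    Rule("internet", "dmz", "web", "tcp", 22),         # extra service exposed
    Rule("internal", "dmz", "any", "tcp", 0),          # rule 2, acceptable
    Rule("dmz", "internal", "any", "tcp", 1433),       # breaks rule 3
    Rule("internet", "internal", "any", "tcp", 3389),  # breaks rule 4
]

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_RULES):
        print(f"#{number}: {finding}")
```
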





 
   All contents © 2004 Network Presence, LLC. All rights reserved.