Home page logo

basics logo Security Basics mailing list archives

DMZ Security Question.
From: "tony toni" <tony572001 () hotmail com>
Date: Thu, 31 Oct 2002 14:04:48 -0800


I have a generalized security question about what type of activities should be allowed on a corporate DMZ. To give you a bit of background...we have had ours in place for about 4 years now but lately we are getting a ton of requests for opening up more ports/services on the DMZ firewalls. Examples include setting up a chat server on the DMZ, allowing employees/contractors/applications access from the DMZ to the internal network and vice versa, vendors wanting to SSH to servers on the DMZ, etc.

The is my question…what are some disturbing trends/practices that you have seen taking place on a DMZ over the past year or so? It seems as though our DMZ firewalls are looking more and more like Swiss cheese. Everyone is wanting more services turned on, ports opened up, and sticking test (ie production? )servers out on the DMZ. BTW…we do not have any standards/procedures in this area….so this could be part of our problem.

Any help or advice you can offer is appreciated. If you know of any good standards or white papers in this area...pass them on also.

Security Project Manager

Get a speedy connection with MSN Broadband.  Join now! http://resourcecenter.msn.com/access/plans/freeactivation.asp

  By Date           By Thread  

Current thread:
  • DMZ Security Question. tony toni (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]