DMZ Security Question.

["tony toni" <tony572001 () hotmail com>]

Hi,

I have a generalized security question about what type of activities should 
be allowed on a corporate DMZ.  To give you a bit of background...we have 
had ours in place for about 4 years now but lately we are getting a ton of 
requests for opening up more ports/services on the DMZ firewalls.  Examples 
include setting up a chat server on the DMZ, allowing 
employees/contractors/applications  access from the DMZ to the internal 
network and vice versa, vendors wanting to SSH to servers on the DMZ, etc.

The is my question…what are some disturbing trends/practices that you have 
seen taking place on a DMZ over the past year or so?  It seems as though our 
DMZ firewalls are looking more and more like Swiss cheese.  Everyone is 
wanting more services turned on, ports opened up, and sticking test (ie 
production? )servers out on the DMZ.   BTW…we do not have any 
standards/procedures in this area….so this could be part of our problem.

Any help or advice you can offer is appreciated.  If you know of any good 
standards or white papers in this area...pass them on also.

Tony
Security Project Manager





_________________________________________________________________
Get a speedy connection with MSN Broadband.  Join now! 
http://resourcecenter.msn.com/access/plans/freeactivation.asp