RE: newbie to DMZ

["David Gillett" <gillettdavid () fhda edu>]

  Option 2 has three advantages:

1.  One device rather than two.  Even if you have a stack of old
Pentiums to run open source firewalls on, the electricity to run
them 24x7 isn't really free.

2.  All of your firewall rules are in one place, maintained using
one set of tools.  You probably weren't planning to make a career
of securing this one network.

3.  Traffic between internal clients and remote hosts never appears
on the DMZ segment.  Someone who breaks into a server on the DMZ cannot 
install a sniffer there and gain leverage toward your internal network.
(The point of a DMZ is to protect the internal network from servers
that might be compromised from the outside world....)

  NOTE:  The DMZ is for servers accessible from the outside world.
Your server that is just for your own network does NOT go into the
DMZ!

David Gillett


> -----Original Message-----
> From: me null [mailto:me_null () hotmail com]
> Sent: August 26, 2003 13:41
> To: security-basics () securityfocus com
> Subject: newbie to DMZ
>
>
> Hello, i have a question regarding DMZ design. i have 2 
> servers, 1 is for 
> the Internet the ither is for my Network. Now speeking from a 
> security stand 
> point, woulkd it be better to have option 1 or option 2 ? or option 3 
> (other) any why please.
>
> option 1         Internet -------- DMZ --------- 
> Privet/Internal Network So 
> u would connect from ur pri. network to the internet through 
> the DMZ.. or
>
> option 2         Internet      so u connect through a router 
> instead of the 
> DMZ
>                          |
>          DMZ ---  Router --- Privet Network
>
> I would amagine the option 2 would be better but comfermation 
> would be a 
> good thing..
> also links / ideas / comments / warrnings are all appricated 
> TY -- peace  -- 
> ME
>
> _________________________________________________________________
> Get MSN 8 and help protect your children with advanced 
> parental controls.  
> http://join.msn.com/?page=features/parental
>
>
> --------------------------------------------------------------
> -------------
> Attend Black Hat Briefings & Training Federal, September 
> 29-30 (Training), 
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
> technical IT security event.  Modeled after the famous Black 
> Hat event in 
> Las Vegas! 6 tracks, 12 training sessions, top speakers and 
> sponsors.  
> Symantec is the Diamond sponsor.  Early-bird registration 
> ends September 6.Visit us: www.blackhat.com
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------