RE: newbie to DMZ

["me null" <me_null () hotmail com>]

replys,
1. ok point noted

2. i didnt want to make it in to a career, but i do not mind some work

3. yeah thats why i thought this might be the better route. No, i wasnt 
going to put my "network" server in the DMZ, now that i think of it tho... 
should i go w/ 2 DMZs? to take the "network" server from the internal 
network to prevent .. ">(The point of a DMZ is to protect the internal 
network from servers that might be compromised from the outside world....)" 
or would it be fine to leave my network server on the internal network... 
from a security stand point. as always TY for any / alll help -- ME

> From: "David Gillett" <gillettdavid () fhda edu>
> Reply-To: <gillettdavid () fhda edu>
> To: "'me null'" <me_null () hotmail com>,<security-basics () securityfocus com>
> Subject: RE: newbie to DMZ
> Date: Wed, 27 Aug 2003 09:43:57 -0700
>
>   Option 2 has three advantages:
>
> 1.  One device rather than two.  Even if you have a stack of old
> Pentiums to run open source firewalls on, the electricity to run
> them 24x7 isn't really free.
>
> 2.  All of your firewall rules are in one place, maintained using
> one set of tools.  You probably weren't planning to make a career
> of securing this one network.
>
> 3.  Traffic between internal clients and remote hosts never appears
> on the DMZ segment.  Someone who breaks into a server on the DMZ cannot
> install a sniffer there and gain leverage toward your internal network.
> (The point of a DMZ is to protect the internal network from servers
> that might be compromised from the outside world....)
>
>   NOTE:  The DMZ is for servers accessible from the outside world.
> Your server that is just for your own network does NOT go into the
> DMZ!
>
> David Gillett
>
>
> > -----Original Message-----
> > From: me null [mailto:me_null () hotmail com]
> > Sent: August 26, 2003 13:41
> > To: security-basics () securityfocus com
> > Subject: newbie to DMZ
> >
> >
> > Hello, i have a question regarding DMZ design. i have 2
> > servers, 1 is for
> > the Internet the ither is for my Network. Now speeking from a
> > security stand
> > point, woulkd it be better to have option 1 or option 2 ? or option 3
> > (other) any why please.
> >
> > option 1         Internet -------- DMZ ---------
> > Privet/Internal Network So
> > u would connect from ur pri. network to the internet through
> > the DMZ.. or
> >
> > option 2         Internet      so u connect through a router
> > instead of the
> > DMZ
> >                          |
> >          DMZ ---  Router --- Privet Network
> >
> > I would amagine the option 2 would be better but comfermation
> > would be a
> > good thing..
> > also links / ideas / comments / warrnings are all appricated
> > TY -- peace  --
> > ME
> >
> > _________________________________________________________________
> > Get MSN 8 and help protect your children with advanced
> > parental controls.
> > http://join.msn.com/?page=features/parental
> >
> >
> > --------------------------------------------------------------
> > -------------
> > Attend Black Hat Briefings & Training Federal, September
> > 29-30 (Training),
> > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> > technical IT security event.  Modeled after the famous Black
> > Hat event in
> > Las Vegas! 6 tracks, 12 training sessions, top speakers and
> > sponsors.
> > Symantec is the Diamond sponsor.  Early-bird registration
> > ends September 6.Visit us: www.blackhat.com
> > --------------------------------------------------------------
> > --------------
> >
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends September 
> 6.Visit us: www.blackhat.com
> ----------------------------------------------------------------------------

_________________________________________________________________
Get MSN 8 and enjoy automatic e-mail virus protection.    
http://join.msn.com/?page=features/virus


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------