DMZ or no DMZ architecture? - Firewalls


  1. DMZ or no DMZ architecture?

    Hi group! My company IT network architecture actually is based on
    separation between DMZ zone (Mail, Web and DNS servers) and intranet
    zone (Windows 2000 AD, Exchange and internal application servers)
    managed by IPCOP Box (orange and green zone). IPCop is also used as
    external firewall/NAT/Proxy. We have a security audit by an
    external company and they recommend to eliminate DMZ zone and
    integrate all servers into a high availability Linux cluster. I
    think that this is not a really good idea and there's no
    justification to eliminate DMZ zone, perhaps it would be more secure
    to have 2 clusters, one in DMZ and the other one in green zone. Am I
    thinking OK? Any suggestion? Thanks in advance


  2. Re: DMZ or no DMZ architecture?

    tabletoni@gmail.com wrote:


    > We have a security audit by an
    > external company and they recommend to eliminate DMZ zone and
    > integrate all servers into a high availability Linux cluster. I


    They seem to have no clue, so I'd recommend you don't pay them.

    > I think that this is not a really good idea and there's no
    > justification to eliminate DMZ zone,


    It is correct to put servers that offer public services in one or more
    separate subnets.

    > perhaps it would be more secure
    > to have 2 clusters, one in DMZ and the other one in green zone. Am I
    > thinking OK? Any suggestion?


    There is nothing wrong with clustering and there is nothing wrong with
    subnetting.

    Wolfgang
