DMZ or no DMZ architecture?

Hi group! My company's IT network architecture is currently based on a separation between a DMZ zone (Mail, Web and DNS servers) and an intranet zone (Windows 2000 AD, Exchange and internal application servers), managed by an IPCop box (orange and green zones). IPCop is also used as the external firewall/NAT/proxy. We have had a security audit by an external company, and they recommend eliminating the DMZ zone and integrating all servers into a high-availability Linux cluster. I think that this is not really a good idea and that there is no justification for eliminating the DMZ zone; perhaps it would be more secure to have 2 clusters, one in the DMZ and the other one in the green zone. Am I thinking OK? Any suggestions? Thanks in advance

tabletoni

They seem to have no clue, so I'd recommend you don't pay them.

It is correct to put servers that offer public services in one or more separate subnets.

There is nothing wrong with clustering and there is nothing wrong with subnetting.

Wolfgang

Wolfgang Kueter
