I'm curious to some of your opinions, what would you put in a DMZ?

What would you guys put in your DMZ? For example, Spam Filter, Firewalls, IDS, IPS, Proxy Server, etc. I'd like to know your guys/girls opinions on this, particularly, what would you put first, second.

Find more posts tagged with

Comments

TheFORCE

danny069 wrote: »

What would you guys put in your DMZ? For example, Spam Filter, Firewalls, IDS, IPS, Proxy Server, etc. I'd like to know your guys/girls opinions on this, particularly, what would you put first, second.

You have a pretty good list there. You can add some bastion hosts too, smtp or a dns server as well.

NotHackingYou

Web Servers, SMTP inbound

Mike7

Anything that is internet facing. Firewall first, IPS next followed by the rest.

joelsfood

What Mike said. Internet denizens should never access anything outside of the DMZ. So any system that is directly accessed by people on the Internet (Email, SFTP, web apps, etc) should all be in the DMZ and have a firewall and IPS between itself and your core network resources. Direct NAT into your core network from the Internet is asking for a breach.

systemstech

Web and email servers. Possibly a DSS server as well if you just want it public facing.

cyberguypr

My domain controllers and CA (drop mike).

Mike7

Read only domain controllers if possible. Anyway, where and what to place can be a infosec exam question

Kai123

What about a honeypot?