I'm curious to some of your opinions, what would you put in a DMZ?

danny069 · January 2016

What would you guys put in your DMZ? For example, Spam Filter, Firewalls, IDS, IPS, Proxy Server, etc. I'd like to know your guys/girls opinions on this, particularly, what would you put first, second.

TheFORCE · January 2016

danny069 wrote: »

What would you guys put in your DMZ? For example, Spam Filter, Firewalls, IDS, IPS, Proxy Server, etc. I'd like to know your guys/girls opinions on this, particularly, what would you put first, second.

You have a pretty good list there. You can add some bastion hosts too, smtp or a dns server as well.

NotHackingYou · January 2016

Web Servers, SMTP inbound

Mike7 · January 2016

Anything that is internet facing. Firewall first, IPS next followed by the rest.

joelsfood · January 2016

What Mike said. Internet denizens should never access anything outside of the DMZ. So any system that is directly accessed by people on the Internet (Email, SFTP, web apps, etc) should all be in the DMZ and have a firewall and IPS between itself and your core network resources. Direct NAT into your core network from the Internet is asking for a breach.

systemstech · January 2016

Web and email servers. Possibly a DSS server as well if you just want it public facing.

cyberguypr · January 2016

My domain controllers and CA (drop mike).

Mike7 · January 2016

Read only domain controllers if possible. Anyway, where and what to place can be a infosec exam question

Kai123 · January 2016

What about a honeypot?

I'm curious to some of your opinions, what would you put in a DMZ?

Comments