Options
I'm curious to some of your opinions, what would you put in a DMZ?
danny069
Member Posts: 1,025 ■■■■□□□□□□
What would you guys put in your DMZ? For example, Spam Filter, Firewalls, IDS, IPS, Proxy Server, etc. I'd like to know your guys/girls opinions on this, particularly, what would you put first, second.
I am a Jack of all trades, Master of None
Comments
-
Options
TheFORCE
Member Posts: 2,297 ■■■■■■■■□□
What would you guys put in your DMZ? For example, Spam Filter, Firewalls, IDS, IPS, Proxy Server, etc. I'd like to know your guys/girls opinions on this, particularly, what would you put first, second.
You have a pretty good list there. You can add some bastion hosts too, smtp or a dns server as well. -
OptionsNotHackingYou
Member Posts: 1,460 ■■■■■■■■□□
Web Servers, SMTP inboundWhen you go the extra mile, there's no traffic.
-
OptionsMike7
Member Posts: 1,107 ■■■■□□□□□□
Anything that is internet facing. Firewall first, IPS next followed by the rest.
-
Options
joelsfood
Member Posts: 1,027 ■■■■■■□□□□
What Mike said. Internet denizens should never access anything outside of the DMZ. So any system that is directly accessed by people on the Internet (Email, SFTP, web apps, etc) should all be in the DMZ and have a firewall and IPS between itself and your core network resources. Direct NAT into your core network from the Internet is asking for a breach. -
Optionssystemstech
Member Posts: 120
Web and email servers. Possibly a DSS server as well if you just want it public facing.
-
OptionsMike7
Member Posts: 1,107 ■■■■□□□□□□
Read only domain controllers if possible. Anyway, where and what to place can be a infosec exam question
