Hi,
I have a generalized security question about what type of activities should
be allowed on a corporate DMZ. To give you a bit of background...we have
had ours in place for about 4 years now but lately we are getting a ton of
requests for opening up more ports/services on the DMZ firewalls. Examples
include setting up a chat server on the DMZ, allowing
employees/contractors/applications access from the DMZ to the internal
network and vice versa, vendors wanting to SSH to servers on the DMZ, etc.
The is my question�what are some disturbing trends/practices that you have
seen taking place on a DMZ over the past year or so? It seems as though our
DMZ firewalls are looking more and more like Swiss cheese. Everyone is
wanting more services turned on, ports opened up, and sticking test (ie
production? )servers out on the DMZ. BTW�we do not have any
standards/procedures in this area�.so this could be part of our problem.
Any help or advice you can offer is appreciated. If you know of any good
standards or white papers in this area...pass them on also.
Tony
Security Project Manager
_________________________________________________________________
Get a speedy connection with MSN Broadband.� Join now!
http://resourcecenter.msn.com/access/plans/freeactivation.asp
