I see many discussions about DMZ and many configurations (some are for real experts and some for one WAN, 2 PCs). Where is the point of using "Unified Threat Management"?
Bob, I mean: what is the concept of DMZ while we have Web, Mail, Webserver, Wireless PROTECTIONS and all other protection inside UTM? Someone here left all servers in a network called "DMZ" and at the same time left the services mentioned above ON, and it was a mishmash I will never see again. Can we go deep about that?
Seconding what Barry said, isolation and defense in depth.
The same reason we isolate Guest WiFi from the rest of the network, and why we isolate Management and SAN traffic from the regular LAN. Keeps the unwanted out. [:)]
Stuff like the WAF and proxies just add more defenses at the perimeter, making it harder to compromise public facing servers. The DMZ ensures that when (not 'if') a compromise happens, the compromised machine can't be used to break into protected systems on the LAN.
Some organizations take that a step further and firewall between the servers and the workstations, so that if an internal workstation is compromised, it can't affect the servers.
I agree with you guys, there are some reasons and different environments. Leaving all the servers in "internal1" and all workstations in "internal2" and making the right rules in the firewall is, I think, the same [:)] But leaving the email server facing the internet and protected from internal workstations, this has nothing to do with what we call protection. From my experience most attacks begin from inside, not from outside.
Leaving all servers on one network and workstations on another doesn't achieve the same thing as a DMZ. For example, placing the accounting server on the same network as the public webserver is asking for trouble. If you compromise (gain admin-level access to) the webserver, attacking the accounting server is far easier because you are past the firewall already.
The point of a DMZ is that you put higher risk servers, typically public facing ones, on their own network with well defined & tightly controlled access into and out of that network so that compromise of any machine on that network will not impact the internal operations of the organization.
I also strongly disagree with your assertion that most attacks begin from within. Yes, the disgruntled employee is a very real risk and as they already have access to systems that an outsider doesn't, they can do a lot of damage.
Most threats come from outside the organization. I define a threat as any action or transmission that could negatively impact the integrity, security, and/or performance of the networks & systems under my administration.
Spam, hackers, script kiddies, and YouTube addicts are all examples of the threats I see regularly. Of those, I'd say the bulk of my problems are caused by outside threats like spam, viruses, and even the odd hacker.
We all have the same point of view, but I don't like to let an Exchange face the world, even to contact other mail servers, since UTM has SMTP Protection [:)]
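To make the DMZ policy described in this thread concrete (higher-risk public servers on their own network with tightly controlled access in and out, and the mail store kept off the internet behind a relay, as in the last post), here is an added example ruleset that is not from any poster or product. It assumes a Linux firewall running nftables with three interfaces, and all interface names and addresses are constructed for illustration.

```nftables
# Added example, not from the thread. Assumed layout:
#   eth0 = WAN, eth1 = DMZ (192.0.2.0/24), eth2 = LAN (10.0.0.0/24)
# Public web server 192.0.2.10 and an SMTP relay 192.0.2.25 sit in the DMZ.
# The mail store (e.g. Exchange) at 10.0.0.25 and an accounting server at
# 10.0.0.50 stay on the LAN and are never published to the internet.
table inet dmz_policy {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for sessions already permitted below.
        ct state established,related accept
        ct state invalid drop

        # WAN -> DMZ: only the published services, only to the hosts running them.
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.25 tcp dport 25 accept

        # WAN -> LAN: nothing. Already covered by the drop policy, stated for clarity.
        iifname "eth0" oifname "eth2" drop

        # DMZ -> LAN: only the relay, only to the mail store, only SMTP.
        # A compromised web server therefore has no path to the accounting server.
        iifname "eth1" oifname "eth2" ip saddr 192.0.2.25 ip daddr 10.0.0.25 tcp dport 25 accept
        iifname "eth1" oifname "eth2" log prefix "DMZ->LAN denied: " drop

        # DMZ -> WAN: limit what a compromised DMZ host can reach outbound
        # (outbound mail from the relay and DNS only; log everything else).
        iifname "eth1" oifname "eth0" ip saddr 192.0.2.25 tcp dport 25 accept
        iifname "eth1" oifname "eth0" udp dport 53 accept
        iifname "eth1" oifname "eth0" log prefix "DMZ->WAN denied: " drop

        # LAN -> DMZ: the mail store hands outbound mail to the relay, admins
        # reach DMZ hosts over SSH from a small management range, and everyone
        # else uses the public site the same way the internet does.
        iifname "eth2" oifname "eth1" ip saddr 10.0.0.25 ip daddr 192.0.2.25 tcp dport 25 accept
        iifname "eth2" oifname "eth1" ip saddr 10.0.0.0/28 tcp dport 22 accept
        iifname "eth2" oifname "eth1" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept

        # LAN -> WAN: general internet access; UTM proxies and filters sit here.
        iifname "eth2" oifname "eth0" accept
    }
}
```

Load it with `nft -f` and watch the two log prefixes: any hit on "DMZ->LAN denied" is a DMZ host trying to reach the inside, which is exactly the pivot the DMZ exists to stop.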