I see many disscussions about DMZ and many configurations (some are for real experts and some for one WAN 2 pc Where is the point of using "Unified Threat Management"
Leaving all servers on one network and workstations on another doesn't achieve the same thing as a DMZ. For example, placing the accounting server on the same network as the public webserver is asking for trouble. You compromise (gain admin level access to) the webserver, attacking the accounting server is far easier because you are past the firewall already.
The point of a DMZ is that you put higher risk servers, typically public facing ones, on their own network with well defined & tightly controlled access into and out of that network so that compromise of any machine on that network will not impact the internal operations of the organization.
I also strongly disagree with your assertion that most attacks begin from within. Yes, the disgruntled employee is a very real risk and as they already have access to systems that an outsider doesn't, they can do a lot of damage.
Most threats come from outside the organization. I define a threat as any action or transmission that could negatively impact the integrity, security, and/or performance of the networks & systems under my administration.
Spam, hackers, script kiddies, and youtube addicts are all examples of the threats I see regularly. Of those, I'd say the bulk of my problems are caused by outside threats like spam, viruses, and even the odd hacker.
Leaving all servers on one network and workstations on another doesn't achieve the same thing as a DMZ. For example, placing the accounting server on the same network as the public webserver is asking for trouble. You compromise (gain admin level access to) the webserver, attacking the accounting server is far easier because you are past the firewall already.
The point of a DMZ is that you put higher risk servers, typically public facing ones, on their own network with well defined & tightly controlled access into and out of that network so that compromise of any machine on that network will not impact the internal operations of the organization.
I also strongly disagree with your assertion that most attacks begin from within. Yes, the disgruntled employee is a very real risk and as they already have access to systems that an outsider doesn't, they can do a lot of damage.
Most threats come from outside the organization. I define a threat as any action or transmission that could negatively impact the integrity, security, and/or performance of the networks & systems under my administration.
Spam, hackers, script kiddies, and youtube addicts are all examples of the threats I see regularly. Of those, I'd say the bulk of my problems are caused by outside threats like spam, viruses, and even the odd hacker.
