Date: Wed, 03 Oct 2007 13:22:05 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-net@freebsd.org
Subject: Re: are DMZ's out of vogue
Message-ID: <80304F2FE5F437924A638955@utd59514.utdallas.edu>
In-Reply-To: <47038673.9020403@seclark.us>
References: <47038673.9020403@seclark.us>
--On Wednesday, October 03, 2007 08:09:23 -0400 Stephen Clark <Stephen.Clark@seclark.us> wrote:

> Hi List,
>
> Our in-house network configuration is using FreeBSD for our firewall. We currently have it set up with 3 interfaces: a public, private and DMZ. We are moving to a new facility and our network engineer says nobody is using DMZs any more and wants to just do NAT redirects from our FreeBSD firewall to servers on the private network. These servers were on the DMZ in our current configuration.
>
> Does this make sense? Is it true that DMZ's have fallen out of vogue?

Any time someone makes a statement like that, I ask them for attribution. Where did they get this information? Why do they consider it to be reliable? This is the first time I've heard such a statement, and I consider it to be untrustworthy without some sort of pointer to a trusted source that has made the statement and backed it up with statistics.

From strictly a security philosophy standpoint, it sounds crazy. Without going into great detail, NAT doesn't do a thing for you with regard to protecting machines. Essentially he's advocating removing one layer of defense without providing any reason why it makes sense other than "everybody is doing it".

--
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
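The three-interface layout Stephen describes, written out as a pf.conf fragment to make Paul's point concrete: the redirects that publish the servers are the same either way, and the only thing the DMZ adds is a filter point between those servers and the private LAN. This is an added illustration, not configuration from the thread; pf is an assumption (the thread does not say which FreeBSD firewall is in use), and the interface names and addresses are constructed.

```pf
# Assumed interface roles (not from the thread): em0 public, em1 private, em2 DMZ.
ext_if  = "em0"
int_if  = "em1"
dmz_if  = "em2"
int_net = "192.168.10.0/24"     # constructed example addressing
dmz_net = "192.168.20.0/24"
web_srv  = "192.168.20.10"
mail_srv = "192.168.20.11"

set skip on lo0
scrub in all

# Outbound NAT for both inside segments. This hides addresses; it filters nothing.
nat on $ext_if from { $int_net, $dmz_net } to any -> ($ext_if)

# Published services are redirected to hosts on the DMZ segment.
# The proposed alternative is the same two lines pointing at 192.168.10.x hosts,
# which puts an Internet-reachable server on the same wire as the workstations.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_srv port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> $mail_srv port 25

# Default deny; everything below is an explicit exception.
block log all

# Only the redirected service ports reach the DMZ hosts from outside.
pass in on $ext_if proto tcp from any to $web_srv  port 80 flags S/SA keep state
pass in on $ext_if proto tcp from any to $mail_srv port 25 flags S/SA keep state

# The private LAN may initiate to anything, including the DMZ services.
pass in  on $int_if from $int_net to any keep state
pass out on $ext_if keep state
pass out on $dmz_if keep state

# The layer a NAT redirect to the private LAN cannot give you: a compromised
# DMZ host cannot open connections toward the internal network. It may still
# reach the Internet (updates, DNS, outbound mail).
block in quick log on $dmz_if from $dmz_net to $int_net
pass  in on $dmz_if from $dmz_net to any keep state
```

With the servers moved onto the private network there is no interface on which the last two rules could be written, so the boundary they enforce simply ceases to exist.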