Solved

Is DMZ suppose to be in trust-zone or in untrust-zone?

Posted on 2009-04-04
4
1,246 Views
Last Modified: 2012-05-06
We're trying to use a DMZ for our servers, but my network guy has setup the DMZ in a trust-zone. But to my understanding, a DMZ should be in untrust-zone and then we should control the traffic between DMZ and the trust zone.

Can you please tell me which one is correct? (Trust zone or untrust zone?)

And if it is in trust zone, why?
0
Comment
Question by:SW111
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:blissbear
ID: 24070127
DMZ is usually implimented to allow all access to an IP address without any firewall or filtering or translation rules.  Basically anything that accesses your firewall that isn't assigned a translation rule will be forwarded to the DMZ address.  This is useful for monitoring all access to your firewall that isn't normal.
0
 

Author Comment

by:SW111
ID: 24070138
Hello. DOesnt exactly answer my question:
1. is it supposed to be in trust zone or untrust zone?
2. if trust zone, why?

I just realized that I might be using a juniper-specific term because I'm using Juniper SSG for my firewall. (But I suspect the concept is all the same).
0
 
LVL 4

Accepted Solution

by:
blissbear earned 125 total points
ID: 24070168
Personally I would put the target machine you are using for DMZ in an untrusted zone so it doesn't have access to your LAN.

If you are not dedicating an individual server to the DMZ, I wouldn't bother implimenting it, as the risks to your network are increased.
0
 

Author Closing Comment

by:SW111
ID: 31566697
Thanks. It seems logical to me, but my network guy says that juniper manual seems to have other ideas. We do have dedicated servers for servicing customers via internet, which I think should be in the DMZ.
Thanks Again for your help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem to router 7 51
I wonder how people fake their ip address? 3 37
Cloud Security  - encryption needed? 6 37
Lightweight Networking 9 33
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question