Solved

Is DMZ suppose to be in trust-zone or in untrust-zone?

Posted on 2009-04-04
4
1,262 Views
Last Modified: 2012-05-06
We're trying to use a DMZ for our servers, but my network guy has setup the DMZ in a trust-zone. But to my understanding, a DMZ should be in untrust-zone and then we should control the traffic between DMZ and the trust zone.

Can you please tell me which one is correct? (Trust zone or untrust zone?)

And if it is in trust zone, why?
0
Comment
Question by:SW111
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:blissbear
ID: 24070127
DMZ is usually implimented to allow all access to an IP address without any firewall or filtering or translation rules.  Basically anything that accesses your firewall that isn't assigned a translation rule will be forwarded to the DMZ address.  This is useful for monitoring all access to your firewall that isn't normal.
0
 

Author Comment

by:SW111
ID: 24070138
Hello. DOesnt exactly answer my question:
1. is it supposed to be in trust zone or untrust zone?
2. if trust zone, why?

I just realized that I might be using a juniper-specific term because I'm using Juniper SSG for my firewall. (But I suspect the concept is all the same).
0
 
LVL 4

Accepted Solution

by:
blissbear earned 125 total points
ID: 24070168
Personally I would put the target machine you are using for DMZ in an untrusted zone so it doesn't have access to your LAN.

If you are not dedicating an individual server to the DMZ, I wouldn't bother implimenting it, as the risks to your network are increased.
0
 

Author Closing Comment

by:SW111
ID: 31566697
Thanks. It seems logical to me, but my network guy says that juniper manual seems to have other ideas. We do have dedicated servers for servicing customers via internet, which I think should be in the DMZ.
Thanks Again for your help.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question