[Techtalk] DMZs, etc.
Michelle Murrain
tech at murrain.net
Mon Dec 10 11:55:55 EST 2001
Hi Folks,
I have a question regarding DMZs:
I know that DMZs are, basically, best practice for network design. Question
is: what if the network is primarily made up of servers that provide
internet services (web, mail, dns), with only a few computers that are on
an internal network. In this scenario, would a single firewall, plus NAT
for the internal computers be enough practically (along with running snort
etc. on any internal boxes)? What if NFS is running on the internal
computers (but not the web servers, etc.)? Does this up the ante some?
Or, could you use one of the internet servers as the first firewall?
I'm basically trying to set up a secure system, but with as few boxen as
possible (keep it cheap, and keep my office from getting too hot!)
Thanks!!
.Michelle
---------------------------------------
Michelle Murrain, Ph.D.
tech at murrain.net
AIM:pearlbear0
http://www.murrain.net/ for pgp public key
More information about the Techtalk
mailing list