are DMZ's out of vogue
Paul Schmehl
pauls at utdallas.edu
Wed Oct 3 11:47:32 PDT 2007
--On Wednesday, October 03, 2007 08:09:23 -0400 Stephen Clark
<Stephen.Clark at seclark.us> wrote:
> Hi List,
>
> Our in-house network configuration is using FreeBSD for our firewall. We
> currently have it set up with 3 interfaces: a public, private and DMZ. We
> are moving to a new facility and our network engineer says nobody is using
> DMZs any more and wants to just do NAT redirects from our FreeBSD firewall
> to servers on the private network. These servers were on the DMZ in our
> current configuration.
>
> Does this make sense? Is it true that DMZs have fallen out of vogue?
>
Any time someone makes a statement like that, I ask them for attribution.
Where did they get this information? Why do they consider it to be
reliable?

This is the first time I've heard such a statement, and I consider it to be
untrustworthy without some sort of pointer to a trusted source that has
made the statement and backed it up with statistics.

From strictly a security philosophy standpoint, it sounds crazy. Without
going into great detail, NAT doesn't do a thing for you with regard to
protecting machines. Essentially he's advocating removing one layer of
defense without providing any reason why it makes sense other than
"everybody is doing it".
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
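
The layer of defense discussed in the reply above, as an added example that is not part of the original message: a small Python model comparing what a compromised public-facing server can reach in the three-interface design and in the NAT-redirect design. All addresses, host names, ports and the single DMZ pass rule are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing; none of it comes from the original post.
HOSTS = {"web": "10.0.0.10", "db": "10.0.1.20",
         "fileserver": "10.0.1.30", "desktop": "10.0.1.50"}
SERVICES = {"web": [80], "db": [5432], "fileserver": [445], "desktop": [3389]}

def zone_of(addr, zones):
    """Return the zone (firewall interface) whose subnet contains addr."""
    for name, net in zones.items():
        if ip_address(addr) in ip_network(net):
            return name
    return "public"

def reachable_from(src, hosts, zones, rules):
    """(host, port) pairs that src can open once an attacker controls it.

    Hosts in the same zone share a segment, so the firewall never sees that
    traffic. Cross-zone traffic is default-deny and needs an explicit rule.
    """
    src_zone = zone_of(hosts[src], zones)
    found = set()
    for dst, addr in hosts.items():
        if dst == src:
            continue
        same_segment = zone_of(addr, zones) == src_zone
        for port in SERVICES[dst]:
            if same_segment or (src_zone, dst, port) in rules:
                found.add((dst, port))
    return found

# Design A: three interfaces, web server in the DMZ, one pass rule to the DB.
DMZ_ZONES = {"dmz": "10.0.0.0/24", "private": "10.0.1.0/24"}
DMZ_RULES = {("dmz", "db", 5432)}

# Design B: NAT redirect, web server moved onto the private segment.
FLAT_HOSTS = dict(HOSTS, web="10.0.1.10")
FLAT_ZONES = {"private": "10.0.1.0/24"}
FLAT_RULES = set()  # no inter-zone rules exist because there is only one zone

def compare():
    """Return (DMZ exposure, NAT-redirect exposure) for a compromised web host."""
    return (reachable_from("web", HOSTS, DMZ_ZONES, DMZ_RULES),
            reachable_from("web", FLAT_HOSTS, FLAT_ZONES, FLAT_RULES))

if __name__ == "__main__":
    dmz, flat = compare()
    print("DMZ design:         ", sorted(dmz))
    print("NAT-redirect design:", sorted(flat))
```

In the model, the inbound redirect to port 80 is identical in both designs; the difference is only in what sits between the web server and the other internal hosts once it is compromised.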