IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security News

How to Design a Secure DMZ


By: Michael Hamelin
2010-09-01
Article Rating:starstarstarstarstar / 10


There are  user comments on this IT Security & Network Security News & Reviews story.



  Table of Contents:
  1. How to Design a Secure DMZ
  2. Goals of DMZ Design
  3. Four Levels of DMZ Design
  4. Level 3 DMZ Designs
  5. Level 4 DMZ Designs

One core tenet of demilitarized zone (DMZ) design is to segregate network devices, systems, services and applications based on risk. Because of this, it's crucial to carefully plan and design a DMZ because it may not be easy to fix major flaws in the DMZ's design once it's live. Here, Knowledge Center contributor Michael Hamelin explains how to design a secure DMZ for your enterprise.

How to Design a Secure DMZ - Level 4 DMZ Designs
( Page 5 of 5 )

Level 4 DMZ designs

Level 4 DMZ designs are where things start getting more complicated. A Level 4 scenario would most likely include deploying multiple firewall pairs in parallel along your border rail, and spreading your DMZs out among them, segregated by your choice of metrics. Most people choose to separate the firewalls into business or functional groups, while others like to separate them by trust levels.

Best practices dictate building separate firewall stacks based on Service Level Agreements (SLAs) and data classification. This creates a situation where there is an entirely separate firewall stack for PCI, separate firewalls for user services (such as Web browsing, FTP, e-mail, patching, etc.) and separate firewall stacks for business services. Consider business services placed in DMZs by SLA: 90 percent, 98 percent and 99.9 percent make for three good goals. Designing DMZs by SLA can streamline DMZ management and reduce business disruptions.

Conclusion

In closing, it's imperative to place as much rigor as possible into the planning and design process. Assume that once the DMZ is live, it may not be so easy to fix major flaws in the design. Internal due diligence can be used as a way to establish strong lines of communication with other stakeholders—whether they are other IT folks, business owners, partners or managers. It can raise your profile within your company as a thoughtful risk manager and strategic thinker. And, perhaps most important, it will invite feedback outside your frame of reference. If one conversation with one person has a significant impact on DMZ design, wouldn't you want to have that conversation before you design it?

Michael Hamelin is Chief Security Architect at Tufin Technologies. Bringing more than 16 years of security domain expertise to Tufin, Michael has deep, hands-on technical knowledge in security architecture, penetration testing, intrusion detection, and anomalous detection of rogue traffic. Michael has authored numerous courses in information security and worked as a consultant, security analyst, forensics lead, and security practice manager. Michael is also a featured security speaker around the world, widely regarded as a leading technical thinker in information security. Michael previously held technical leadership positions at VeriSign, Cox Communications and Resilience. Prior to joining Tufin, Michael was the principal network and security architect for ChoicePoint, a LexisNexis Company. Michael received Bachelor’s degrees in Chemistry and Physics from Norwich University and did his graduate work at Texas A&M University. He can be reached at michaelh@tufin.com.








 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Michael Hamelin
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 3
 
Close this advertisement