Rethinking the DMZ
We are thinking about changing our network architecture.
As our network has grown and the complexity of our public-facing systems and the connectivity needs of those systems have increased, we are wondering what value our DMZ delivers.
As an example, consider public-facing systems in the DMZ that require access to LDAP/AD for AAA, SQL for database lookups, Exchange for mail delivery and relay, etc.
For those of you with non-trivial public-facing systems, where do you draw the balance line between security and access? If our most visible public-facing systems (most likely to be attacked) require internal AAA & SQL access, what are we protecting?
Given current system requirements and the evolution of security, are the reasons for setting up a DMZ 15 years ago still valid, and is the value of maintaining a DMZ worth the associated costs? If not, what are the alternatives?
Jason Youngquist, CISSP
Information Technology Security Engineer
1001 Rogers Street, Columbia, MO 65216