>I would like to place a DMZ in my net, but my boss would like arguments for
>this...
>I looked on the net for why a DMZ is better than a simple firewall,
>but did not find anything concrete to display to my boss.

Okay, well the basic idea behind the DMZ is that you want your
firewall to have as few ports open as possible. Some services, however,
require broad access, such as email, web servers, etc. So what many
companies do is create two firewalls, a weak one on the outside to protect
their public computers (for example their Apache web server), and a
second, much stronger one on the inside that prevents further access to
their intranet. If you can afford it, and can make it work technically,
it's definitely a good idea in terms of security. Here is a pic to give
you an idea of what I'm talking about.

Internet<----->Outer Firewall<----->Public Servers<---->Inner Firewall<---->Interior Network

Basically the idea is to make sure your inner firewall looks less like
Swiss cheese than if you had to open just one firewall for everything.
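
The layout described in the reply above, as a small added model that is not part of the original post: it counts the openings on the firewall guarding the interior and lists which hosts become reachable from the Internet if every reached host can be used as a stepping stone. Host names, ports and the "leaky inner firewall" case are constructed assumptions for illustration.

```python
from collections import deque

# Constructed sample layout: host names and ports are assumptions for illustration.
PUBLIC = {("web", 80), ("web", 443), ("mail", 25)}   # services the Internet must reach
INTERIOR = {"fileserver", "workstation"}

def flat():
    """Single firewall: the public servers sit on the interior network."""
    zones = {"interior": {"web", "mail"} | INTERIOR}
    rules = {("internet", "interior"): set(PUBLIC)}
    return zones, rules

def dmz(inner_allow=frozenset()):
    """Outer firewall before the public servers, inner firewall before the interior."""
    zones = {"dmz": {"web", "mail"}, "interior": set(INTERIOR)}
    rules = {("internet", "dmz"): set(PUBLIC),        # outer firewall
             ("dmz", "interior"): set(inner_allow)}   # inner firewall
    return zones, rules

def holes_into(rules, zone):
    """Number of (host, port) openings on the firewalls guarding `zone`."""
    return sum(len(allowed) for (_, dst), allowed in rules.items() if dst == zone)

def exposed_hosts(zones, rules):
    """Hosts reachable from the Internet if every reached host can be used as a pivot."""
    zone_of = {h: z for z, hosts in zones.items() for h in hosts}

    def across(src_zone):
        # Hosts in another zone that a firewall rule lets src_zone talk to.
        return [h for (src, dst), allowed in rules.items() if src == src_zone
                for h, _port in allowed if zone_of.get(h) == dst]

    reached, frontier = set(), deque(across("internet"))
    while frontier:
        host = frontier.popleft()
        if host in reached:
            continue
        reached.add(host)
        frontier.extend(zones[zone_of[host]] - reached)  # same segment: no firewall between
        frontier.extend(across(zone_of[host]))
    return reached

if __name__ == "__main__":
    cases = {"flat": flat(), "dmz": dmz(), "dmz, leaky inner": dmz({("fileserver", 445)})}
    for name, (zones, rules) in cases.items():
        print(f"{name:18} holes into interior: {holes_into(rules, 'interior')}  "
              f"exposed: {sorted(exposed_hosts(zones, rules))}")
```

The third case shows that the benefit depends on the inner firewall staying tight: one opening from the public servers to an interior host puts the whole interior segment back in reach.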