I have a question for the network security gurus out there...
We have a 3-firewall structure:
      \        \        \
Inet  /  DMZ1  /  DMZ2  /  Core
      \        \        \
      /        /        /
The \ characters represent the firewalls.
Inet is the Internet and Core is the core network.
The current debate surrounds 2 architectures:
Arch 1:
DMZ1 houses multiple hardened web servers.
DMZ2 houses the App Servers, LDAP Servers, etc.
Arch 2:
DMZ1 houses a hardened reverse proxy.
DMZ2 houses web servers, LDAP servers, App Servers, etc.
Any thoughts on the pros/cons of either approach?