Internal network segmentation using firewalls

ggarlington
Community Member

Recently an external auditor suggested we should segment the internal network, including all enterprise applications, desktop population, internal e-mail, remote access, and the WAN, using firewalls. Is anyone doing this? If so, why?

Accepted Solutions

turnbull
Level 4

The concept of the demilitarized zone (DMZ) provides protection for higher-level servers and applications, etc., whilst permitting web and mail servers, typically, access to and from the Internet. If these hosts become compromised, they do not provide an immediate stepping stone to the important internal servers.

Risk assessment of the company's resources will determine the level of access control necessary. The highest instances of compromise are still determined to be from internal sources and may warrant access control measures applied to the desktop population depending on the company's circumstances and the security posture adopted.

Cheers,

Paul.

3 Replies

Can you give a specific example where a company (other than those dealing with finance, public safety or national security) has implemented firewalling of all network segments?

dink
Community Member

Hmmm, I would say the WAN would certainly need to be firewalled, but segmenting the internal network with firewalls is just going to slow down the internal operations. If I understand the question correctly, a better solution might be to segment different portions of the network with VLANs. Depending on your core switches, you could VLAN each segment and use inter-VLAN routing to control who goes where and keep all the traffic in each segment from mingling together.
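
Added example, not part of the thread: a Cisco IOS sketch of the VLAN approach described in the last reply, using three of the segments named in the question (desktops, enterprise applications, internal e-mail) with ACLs on the routed VLAN interfaces of a layer 3 core switch. All VLAN IDs, names, subnets and ports are constructed for illustration.

```cisco
! Constructed addressing: VLAN 10 desktops      10.10.10.0/24
!                         VLAN 20 enterprise apps 10.10.20.0/24
!                         VLAN 30 internal e-mail 10.10.30.0/24
ip routing
!
vlan 10
 name DESKTOPS
vlan 20
 name ENTERPRISE-APPS
vlan 30
 name INTERNAL-MAIL
!
! Traffic sourced from desktops: only the services they need in other segments
ip access-list extended DESKTOPS-IN
 remark DHCP requests from clients that have no address yet
 permit udp any eq bootpc any eq bootps
 remark HTTPS to the application segment
 permit tcp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 443
 remark Mail submission and IMAPS to the e-mail segment
 permit tcp 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255 eq 587
 permit tcp 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255 eq 993
 remark Everything else aimed at internal segments is dropped and logged
 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255 log
 permit ip 10.10.10.0 0.0.0.255 any
!
! Traffic sourced from the application servers: replies only, no new
! connections toward desktops
ip access-list extended APPS-IN
 permit tcp 10.10.20.0 0.0.0.255 eq 443 10.10.10.0 0.0.0.255 established
 deny ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255 log
 permit ip 10.10.20.0 0.0.0.255 any
!
interface Vlan10
 description Desktop population
 ip address 10.10.10.1 255.255.255.0
 ip access-group DESKTOPS-IN in
!
interface Vlan20
 description Enterprise applications
 ip address 10.10.20.1 255.255.255.0
 ip access-group APPS-IN in
!
interface Vlan30
 description Internal e-mail
 ip address 10.10.30.1 255.255.255.0
```

These ACLs are stateless packet filters: the `established` keyword only checks TCP flags, so return traffic has to be permitted explicitly, which is one practical difference from placing a stateful firewall between the segments.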