  1. #1

    DMZ Server Management & PCI

    We are working on our PCI certification (fun times, right?) and I was wondering what other people do for server management in the DMZ. A few things we are looking at are listed below. We will be doing Cisco ZBFW for firewalling and using NAT.

    #1
    Servers have 2 NICs, 2 IPs, gateway, etc. One of the networks would be considered a "management VLAN/network". The other network would be for all other traffic, including NATing to the internet, and traffic to the "internal" zone, but locking down traffic to source, destination, and protocol level.
    On Windows you really only have 1 true default gateway, and because Windows doesn't just send traffic out the interface it came in on, but looks at the routing table, some network routing issues popped up.


    #2
    Use only 1 NIC/VLAN/IP/gateway. Lock down traffic to source, destination, and protocol level for DMZ to "internal" traffic and do an "inspect" statement to allow all necessary traffic back in and drop everything else. "Internal" to DMZ would just be an inspect all because this traffic wouldn't need to be firewalled, so management traffic would work just fine.


    I would appreciate any other options and input!

  2. #2
    #2 is the better option, though there is a bit more to it than just the few items listed.

  3. #3
    Originally posted by zendzipr:
    #2 is the better option, though there is a bit more to it than just the few items listed.
    Right, I didn't list everything that would need to be done. I am also thinking of the #2 route because it would make things easier in reality. #1 is good in theory, but not so much in practice.
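
Added example, not part of the thread or any poster's configuration: a sketch of option #2 (single NIC per server) in Cisco zone-based firewall syntax, with DMZ-to-internal traffic limited by source, destination and protocol and internal-to-DMZ traffic statefully inspected. Zone, ACL, class-map and policy-map names, the interfaces and all addresses are constructed assumptions.

```cisco
! Constructed names, interfaces and addresses throughout (assumptions).
zone security INTERNAL
zone security DMZ
!
! DMZ -> INTERNAL: one ACL entry per permitted source/destination/protocol.
! Here: a DMZ web server reaching one internal database listener.
ip access-list extended DMZ-WEB-TO-DB
 permit tcp host 172.16.10.10 host 10.10.20.5 eq 1433
!
class-map type inspect match-all CM-DMZ-WEB-TO-DB
 match access-group name DMZ-WEB-TO-DB
!
policy-map type inspect PM-DMZ-TO-INTERNAL
 class type inspect CM-DMZ-WEB-TO-DB
  inspect
 ! Anything not matched above is dropped and logged.
 class class-default
  drop log
!
! INTERNAL -> DMZ: stateful inspection, so return traffic for
! management sessions is allowed back without a DMZ -> INTERNAL rule.
class-map type inspect match-any CM-INTERNAL-TO-DMZ
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PM-INTERNAL-TO-DMZ
 class type inspect CM-INTERNAL-TO-DMZ
  inspect
 class class-default
  drop log
!
zone-pair security ZP-DMZ-INTERNAL source DMZ destination INTERNAL
 service-policy type inspect PM-DMZ-TO-INTERNAL
zone-pair security ZP-INTERNAL-DMZ source INTERNAL destination DMZ
 service-policy type inspect PM-INTERNAL-TO-DMZ
!
interface GigabitEthernet0/1
 zone-member security INTERNAL
interface GigabitEthernet0/2
 zone-member security DMZ
```

Because the DMZ-to-internal policy only inspects sessions that match the ACL, a DMZ host cannot open new connections to the internal zone beyond the listed tuples, while sessions opened from the internal zone still get their replies.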
