068
ENTERPRISE SECURITY BLUEPRINT
APPENDIX
A
DMZ segment control points include:
1.
Enforcement point for interactions between the DMZ and the external world (or Segment B)
2.
Enforcement point for interactions between the DMZ and the internal network
3.
Enforcement points responsible for bastion host self-protection
Typically, several different types of interactions are required to cross the DMZ. For example,
an Internet-facing DMZ may be needed for both of the following applications:
Employees on the internal network access Web resources on the Internet. The DMZ
hosts aWeb proxy and a DNS relay that serves Internet domain names to internal users
Customers on the Internet access a Web front end and an application that pulls
information from database servers located on the internal network. The DMZ
hosts Web and application servers and a DNS relay that resolves Web front end
domain names for Internet users
The following table describes security profile characteristics for these two applications:
The two security profiles differ significantly. For example, a user authorized to access the Web
proxy is not necessarily authorized to access customer data. This implies that the DMZ should be
constructed to place each application in a separately protected segment such that compromise of
the Web proxy would not impact customer data confidentiality. Conversely, compromise of the
Web application would not allow an attacker to control outbound Web traffic.
DMZ segmentation model 2
Figure A-
M
Figure A-m: DMZ segmentation model 2
External
(or Segment B)
Business objectives
Assets
Access
Assurances
Web Proxy
Web browsing for
internal users
None
All internal users
Simple proxy server protected by
DMZ segment security controls
Web Application
Customer-facing application
Customer data
Authenticated customers
Complex application protected
by application-level
and DMZ controls
