A high number of client inquiries I receive are around DMZ redesign. This is the hardest task in network security you can undertake because there is no one-size-fits-all DMZ design and there are many moving parts in play. The good news is that getting the DMZ right will likely be one of the most beneficial undertakings in netsec, and makes so many other things across security and networking easier and cheaper.
One of the questions that comes up as part of DMZ design is is it best to have one firewall vendor (for simplicity of management) or two (to provide an overlap of protection in case one firewall has a vulnerability), and what are my peers doing on this topic?
John Pescatore and I have provided an update on this in a research note “Q&A: Is It More Secure to Use Firewalls From Two Different Vendors?”
The NIST stone test wall in Gaithersburg, Md.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment