Expert Advice Community

Question clarification

Guest user. Created: Aug 26, 2020. Last commented: Aug 26, 2020.

We received one question from a client.
Is the DMZ divided into isolated DMZ network segments for devices that initiate outbound traffic to the Internet and those that only receive inbound traffic?
Could you explain clearly to me how I could answer?

Expert
Rhand Leal Aug 26, 2020

Please note that the role of the devices in a DMZ is to gather the outbound traffic from devices in the internal networks and send it to the Internet on behalf of the internal devices, and to receive inbound traffic from the Internet and reroute it to the original requester devices. Additionally, ISO 27001 does not specify anything about DMZs.

Considering that, the DMZ segments need to work with both outbound and inbound traffic, but only the DMZ receives inbound traffic from the Internet. You can only make this distinction between networks which only initiate outbound traffic and those which only receive inbound traffic for the segments connected to a DMZ segment.

For more information, see:
- https://us-cert.cisa.gov/ics/Secure-Architecture-Design
- https://www.opensecurityarchitecture.org/cms/library/patternlandscape/286-sp-016-dmz-module
- https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf
- https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-44ver2.pdf
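
One way to back an answer to the client's question with evidence is to check which Internet flows the firewall policy actually permits for each DMZ segment. The following is an added example, not part of the original thread; the zone names, the rule format (source, destination, action, first match wins, implicit deny) and both sample policies are constructed assumptions.

```python
# Added example: zone-level audit of a firewall policy (all data constructed).
INTERNET = "internet"

def permitted(rules, src, dst):
    """First-match evaluation with an implicit default deny."""
    for r_src, r_dst, action in rules:
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return action == "allow"
    return False

def classify(rules, dmz_zones):
    """Label each DMZ segment by the Internet flows the policy permits."""
    labels = {(True, False): "inbound-only",
              (False, True): "outbound-initiating",
              (True, True): "mixed",
              (False, False): "no-internet"}
    roles = {}
    for zone in dmz_zones:
        inbound = permitted(rules, INTERNET, zone)   # Internet initiates
        outbound = permitted(rules, zone, INTERNET)  # segment initiates
        roles[zone] = labels[(inbound, outbound)]
    return roles

def cross_dmz_paths(rules, dmz_zones):
    """Permitted flows between different DMZ segments (isolation gaps)."""
    return [(a, b) for a in dmz_zones for b in dmz_zones
            if a != b and permitted(rules, a, b)]

def dmz_is_divided(rules, dmz_zones):
    """True when no segment is mixed and no segment can reach another."""
    roles = classify(rules, dmz_zones)
    return "mixed" not in roles.values() and not cross_dmz_paths(rules, dmz_zones)

# Constructed sample policies (hypothetical zone names).
DMZ = ["dmz-web", "dmz-proxy"]
SEGMENTED = [
    ("internet", "dmz-web", "allow"),    # published web servers
    ("internal", "dmz-proxy", "allow"),  # internal clients reach the proxy
    ("dmz-proxy", "internet", "allow"),  # proxy initiates outbound
    ("any", "any", "deny"),
]
FLAT = [
    ("internet", "dmz-web", "allow"),
    ("dmz-web", "any", "allow"),         # wildcard also opens Internet and dmz-proxy
    ("dmz-proxy", "internet", "allow"),
]
```

The `FLAT` policy shows the case an audit should catch: a wildcard destination makes the web segment both inbound-receiving and outbound-initiating, and gives it a path into the proxy segment.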
