We received one question from a client:
Is the DMZ divided into isolated DMZ network segments for devices that initiate outbound traffic to the Internet and those that only receive inbound traffic?
Could you explain to me clearly how I could answer?
Please note that the role of the devices in a DMZ is to gather the outbound traffic from devices in the internal networks and send it to the Internet on behalf of the internal devices, and to receive inbound traffic from the Internet and reroute it to the original requester devices. Additionally, ISO 27001 does not specify anything about DMZ.
Considering that, the DMZ segments need to work with both outbound and inbound traffic, but only the DMZ receives inbound traffic from the Internet. You can only make this distinction between networks which only initiate outbound traffic and those which only receive inbound traffic for the segments connected to a DMZ segment.
For more information, see:
- https://us-cert.cisa.gov/ics/Secure-Architecture-Design
- https://www.opensecurityarchitecture.org/cms/library/patternlandscape/286-sp-016-dmz-module
- https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf
- https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-44ver2.pdf
Aug 25, 2020
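One way to gather evidence for the client's question from a firewall rule export, as an added example that is not part of the original question or answer. The zone names, rule format and sample rules are constructed; each rule is assumed to describe which zone may initiate a connection through a stateful firewall.

```python
from collections import namedtuple

# Constructed allow-rules (not from the page): initiating zone, destination zone, port.
Rule = namedtuple("Rule", "src dst port")

SAMPLE_RULES = [
    Rule("internet", "dmz-web", 443),     # published web server
    Rule("dmz-web", "internal", 5432),    # web tier to internal database
    Rule("internal", "dmz-proxy", 3128),  # clients to forward proxy
    Rule("dmz-proxy", "internet", 443),   # proxy fetches on clients' behalf
    Rule("internet", "dmz-mail", 25),     # inbound SMTP relay
    Rule("dmz-mail", "internet", 25),     # same relay also sends outbound
    Rule("dmz-web", "dmz-proxy", 3128),   # flow between two DMZ segments
]
DMZ_SEGMENTS = {"dmz-web", "dmz-proxy", "dmz-mail"}  # hypothetical segment names

def classify_segments(rules, dmz_segments, internet="internet"):
    """Label each DMZ segment by how it exchanges traffic with the Internet."""
    roles = {}
    for seg in sorted(dmz_segments):
        receives = any(r.src == internet and r.dst == seg for r in rules)
        initiates = any(r.src == seg and r.dst == internet for r in rules)
        if receives and initiates:
            roles[seg] = "mixed"
        elif receives:
            roles[seg] = "inbound-only"
        elif initiates:
            roles[seg] = "outbound-only"
        else:
            roles[seg] = "no-internet-flow"
    return roles

def cross_segment_flows(rules, dmz_segments):
    """Rules that let one DMZ segment reach another, so the two are not isolated."""
    return [r for r in rules
            if r.src in dmz_segments and r.dst in dmz_segments and r.src != r.dst]

def audit(rules, dmz_segments):
    """Collect the findings an auditor would cite when answering the question."""
    roles = classify_segments(rules, dmz_segments)
    return {
        "roles": roles,
        "mixed_segments": [s for s, role in roles.items() if role == "mixed"],
        "cross_segment_flows": cross_segment_flows(rules, dmz_segments),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_RULES, DMZ_SEGMENTS)
    for seg, role in report["roles"].items():
        print(f"{seg:10} {role}")
    print("mixed:", report["mixed_segments"])
    print("cross-segment:", report["cross_segment_flows"])
```

An empty `mixed_segments` list together with an empty `cross_segment_flows` list supports a "yes" answer; any entry in either list is a finding to explain or remediate.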