I have recently started work for a new company and have taken over the ASA 5510 Firewall rules. I have worked with them a bit in the past, but not enough to say I am very strong or a master.
Anyway, after taking a look at the firewall rules, I was horrified with what I found. Basically, the DMZ has full access to the LAN and vice versa.
Talking with the management, I asked if we could change this because this is a huge security concern.
They finally gave me permission, but now I am in a position of:
where do I start?
how do I maximize security?
I am in the process of mapping the servers in the DMZ, what services they run, their IPs and what they need.
Does anyone have some suggestions on how to go about this?
Right now, there is one Windows server and 3 Mac OS X servers in there, hosting FTP and HTTP/HTTPS.
They should only need to come into the LAN to query our DNS server, as well as port 80 to our winupdate server for patches.
Anyone want to help me get started? I feel overwhelmed.
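As a starting point for the kind of rule set the question describes, here is an added example of an ASA access-list configuration (8.3+ object syntax) that limits the DMZ to exactly the two flows named above: DNS to the LAN DNS server and TCP/80 to the winupdate server, with everything else DMZ-to-LAN denied and logged. This is not the poster's configuration or Cisco documentation; the interface names, security levels, subnets and host addresses are constructed placeholders, and the inside-to-DMZ list assumes the LAN only needs the FTP and HTTP/HTTPS services the DMZ hosts publish.

```cisco
! Assumed interfaces (example values, adjust to the real ASA)
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/2
 nameif dmz
 security-level 50

! Constructed addresses: replace with the hosts found during the mapping exercise
object network dns-server
 host 10.0.0.53
object network winupdate-server
 host 10.0.0.80
object network lan-net
 subnet 10.0.0.0 255.255.255.0
object network dmz-net
 subnet 192.168.100.0 255.255.255.0

! DMZ -> LAN: only DNS (UDP and TCP 53) and HTTP to the update server.
! Order matters: the explicit deny to the LAN sits before the Internet permit,
! because the ASA evaluates an ACL top-down and stops at the first match.
access-list dmz_in extended permit udp object dmz-net object dns-server eq domain
access-list dmz_in extended permit tcp object dmz-net object dns-server eq domain
access-list dmz_in extended permit tcp object dmz-net object winupdate-server eq www
access-list dmz_in extended deny ip object dmz-net object lan-net log
! Applying any ACL to the interface replaces the default lower-to-higher deny with
! an implicit deny-all, so DMZ hosts need an explicit permit to keep reaching the Internet.
access-list dmz_in extended permit ip object dmz-net any
access-group dmz_in in interface dmz

! LAN -> DMZ: the published services only (assumed set); add an admin host for SSH/RDP
! once the mapping shows who manages the servers, then deny and log the rest.
access-list inside_in extended permit tcp object lan-net object dmz-net eq ftp
access-list inside_in extended permit tcp object lan-net object dmz-net eq www
access-list inside_in extended permit tcp object lan-net object dmz-net eq https
access-list inside_in extended deny ip object lan-net object dmz-net log
access-list inside_in extended permit ip object lan-net any
access-group inside_in in interface inside

! Passive FTP uses dynamic data ports; the default FTP inspection opens them per session
! so they do not need to be permitted statically.
policy-map global_policy
 class inspection_default
  inspect ftp
```

Before cutting over, check both an expected flow and a flow that should now be blocked with the ASA's built-in simulator, for example `packet-tracer input dmz udp 192.168.100.10 12345 10.0.0.53 53` (should end in ALLOW at the ACCESS-LIST phase) and `packet-tracer input dmz tcp 192.168.100.10 12345 10.0.0.20 445` (should end in DROP). Then watch `show access-list dmz_in` hit counts and the logged denies for a few days; any service the mapping missed will show up there as a denied flow rather than as a silent outage.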