How to design the security levels

Oct 3rd, 2008
The design is:


1. Perimeter ASA

2. Front end servers (DMZ)

3. FWSM on Cat 6500

4. Back end servers - includes customer & transactional database (DMZ 1)

5. Back end connectivity to another site for transactional processing & response, which then updates the back end servers' customer & transactional database (INSIDE)


My query is whether point 5 should be given a higher security level (INSIDE) than point 4 (DMZ1) or vice versa. What factors do I need to consider to decide on the security levels?


Regards.



bwilmoth Thu, 10/09/2008 - 13:47
I think the INSIDE interface should be given high priority because the "outside" interface may sometimes be referred to as the "unprotected" interface and the "inside" interface is frequently referred to as the "protected" one.


The below URL may help you:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#intro


