Cisco Blogs


DMZ Basics

Lately I made the change from deep technical consultant to a more high-level, architect-like kind of consultant. I now do my work at the turning point between business and technology. One of my first jobs is to make my customer ready for an audit to use the official Dutch authentication method, which is called DigiD.

There are several requirements which have to be fulfilled before the customer can make use of the DigiD authentication method. One of these requirements is that all internet-facing systems are placed in a DMZ. I tried to explain the importance of a well-functioning DMZ. For us as network specialists this is obvious, but a lot of people don’t understand the meaning and working of a DMZ. This blog is about the essentials a DMZ has to consist of.

First we need to understand what we are trying to achieve with a DMZ:
• Separation and identification of network areas
• Separation and isolation of internet facing systems
• Separation of routing and security policies

After understanding the goals, there is another point of interest. Are you going to build your DMZ with dedicated switches, firewalls and ESX hosts (physical), or do you use a separate VLAN (virtual)? There is no clear answer; fact is that bigger organizations build physical DMZs more often than smaller ones. Besides the technical aspect, there is of course a financial aspect. Out of the physical/virtual debate follows the debate whether to use two physical firewalls or one physical firewall with several logical interfaces. Just as with the physical/virtual debate, there is not just one answer.

For me personally, one physical firewall with several logical interfaces and tightly configured ACLs is as good as two physical firewalls. One could dispute this with the argument that if a hacker gains access to one firewall he gains access to the whole network. Personally I don’t think this is a valid argument, because when two physical firewalls are used they are often from the same vendor and run the same firmware with the same bugs and exploits. So if the hacker’s trick works on one firewall, it will often also work on the second one.
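One way to realise the single-firewall variant described above, as an added example that is not from the original post: a Cisco ASA configuration with three logical interfaces (outside, dmz, inside), where the ACLs only allow the published service in from the internet and only the one required database connection from the DMZ into the inside network. Interface names, addresses, object names and port numbers are assumptions chosen for illustration.

```cisco
! Assumed example: one physical ASA, three logical interfaces
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Public web server in the DMZ (static NAT to a public address) and the
! internal database it is allowed to reach (addresses are assumed)
object network DMZ-WEB
 host 192.0.2.10
 nat (dmz,outside) static 203.0.113.10
object network INSIDE-DB
 host 10.0.0.20
!
! Internet -> DMZ: only HTTPS to the published web server; log everything else
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq 443
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! DMZ -> elsewhere: applying an inbound ACL on the dmz interface replaces the
! default "higher security level may talk to lower" behaviour, so every flow
! the DMZ may start has to be listed explicitly. Order matters: the deny for
! the inside network comes before the generic outbound permit.
access-list DMZ-IN extended permit tcp object DMZ-WEB object INSIDE-DB eq 5432
access-list DMZ-IN extended deny ip any 10.0.0.0 255.255.255.0 log
access-list DMZ-IN extended permit tcp object DMZ-WEB any eq 443
access-list DMZ-IN extended deny ip any any log
access-group DMZ-IN in interface dmz
```

A compromised DMZ host can then only reach the single database port, and every denied attempt from the DMZ shows up in the firewall log, which is the evidence an auditor of this setup will ask for.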

Some images to make the above a little more concrete.

A single firewall DMZ:

[Image: DMZ Basics, single firewall DMZ diagram]

#CiscoChampion Radio S2|Ep 23. Cisco Hosted Identity Services

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about Cisco Hosted Identity Services with Cisco Lead Architect Eric Eddy.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
Eric Eddy, Lead Architect for Cisco Hosted Identity Services

Cisco Champion Guest Host
Josh Warcop, @Warcop, Senior Consultant

Moderator
Brian Remmel (@bremmel)

The We’re Listening Blog Series: Upgraded Partner Tools Make it Easier to Deliver to Your Customers

Cisco Partners are the backbone of a global, scalable and consistently excellent Cisco customer experience. And, just as we work to make improvements that will ensure our customers are always delighted with their Cisco experience, we also pay special attention to the unique Partner experience. This ensures we are best enabling you to deliver the right solutions to solve our customers’ most complex business challenges.

We’ve heard you say that our online tools are too complex and too disconnected. You’ve told us you want a seamless online experience that helps you do your job faster and better, without frustrating and potentially costly delays. To that end, our Partner team is rolling out tool improvements, taking into account your specific feedback and distinct needs. I’ve invited Jennifer Petty, Director of Cisco’s Partner Experience Transformation team, to give an update and explain some of the improvements.

By Guest Author Jennifer Petty

Using Cisco’s Partner tools can put your multi-tasking skills to the test. For example, there’s an online tool to register for a program, another to check sales figures and yet another to get quotes. We know this is not an ideal experience and we want to simplify this for you in every way possible. A redesign is underway to streamline the user experience with all our Partner tools. It will take some time to complete, but we have a few early changes to share with you.

#CiscoChampion Radio S2|Ep 22. Live from #CLUS San Diego!

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re at Cisco Live San Diego (#CLUS) talking about highlights and take-aways from the event so far.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Moderator
Lauren Friedman (@lauren)

#CiscoChampion Radio S2|Ep 21. 802.11ac Wave 2

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about 802.11ac Wave 2 with Cisco Principal CME, Catalyst Switching Group, Shawn Wargo, and Cisco Technical Marketing Manager Sujit Ghosh.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
Shawn Wargo, Principal CME, Catalyst Switching Group
Sujit Ghosh, Technical Marketing Manager

Cisco Champion Guest Hosts
Samuel Clements, @samuel_clements, Mobility Practice Manager
Stewart Goumans, @WirelessStew, Mobility Consultant
Chris Nickl, @ck_nic, Cloud Infrastructure Architect

Moderator
Lauren Friedman (@lauren)