You know I did that just for you. I print them all in color on glossy paper and then burn them on the beach :D On Dec 31, 2009, at 10:16 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx<mailto:tshinder@xxxxxxxxxxx>> wrote: Oh BTW – RE: your Carbon footprint. Get off the Al Gore cash train (unless you’re getting some kickbacks, then that’s cool) I printed this email 500 times. Now I have to go to the store and buy another ream. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, December 31, 2009 11:59 AM To: <mailto:isalist@xxxxxxxxxxxxx> isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] DMZ Route vs NAT So, Steve and I were discussing network topologies the other day as we often do, and we were talking about the network relationship between the internal network and one’s DMZ perimeter in regard to “best practices” and security. I always like to set up a NAT relationship from the internal network to the DMZ perimeter and set publishing rules from the DMZ to internal if necessary, i.e. SMTP publishing. I’ll publish SMTP from the Internet to the DMZ edge, process mail, and then publish from the DMZ to the Internal Exchange box. However, I think most people use a “route” for ease of management. A route would be less secure since any compromise of a DMZ asset would result in any access rules automatically allowing access into the internal network. Typically, a published service would have an application layer filter applied which would mitigate the leverage one could apply to such a compromise. What are the group thoughts on this? NAT is more difficult to manage given the “directional” aspects of the relationship as well as the added overhead of publishing anything where the DMZ unit must initiate connections to the internal network. I just wondered what the rest of you guys/gals did. T ____________________ Thor <thor@xxxxxxxxxxxxxxx>thor@xxxxxxxxxxxxxxx<mailto:thor@xxxxxxxxxxxxxxx> <www.hammerofgod.com>www.hammerofgod.com<http://www.hammerofgod.com> <image001.jpg> Think Carbon Footprint. Like mine on your ass if you print this you wasteful bastard!