What is the easiest/cheapest way to implement a DMZ?
We wish to make our library Web OPAC available on the World Wide Web. We have been advised by our IT support and network contractors that we need to implement a DMZ to do this safely, (i.e. the server where the library system and OPAC software are installed needs to be isolated from the rest of the network.) What is the easiest/cheapest way of doing this? Someone at the library system vendor company suggested that a PC with two network cards might be sufficient. The organization is running a SonicWall firewall.
DMZ needs to be created to securely deploy the Web site and isolate the Internal Network from being accessed from the Internet.
The solution depends on the kind of Web site to be hosted. If security is not of a great concern, then a server with two NIC's is also an option. This will be cheap and easy as well. Just make sure that the Server is hardened before deployment. Install Packet filtering software so that you can restrict/filter the traffic.
For better security you can also take advantage of SonicWall Firewall already running on your network. The firewall provides multiple isolated security zones and this is done through its Stateful inspection feature.
This was first published in December 2003