Is the concept of DMZ obsolete?



  • When you only had perimeter security, using a DMZ made perfect sense.

    But is the concept of DMZ obsolete now?

    I'll ask this as an open-ended question without any specific scenario in mind.



  • @Pete-S

    Is a DMZ the same as a jump server? Or does that not fall under this category?



  • @Pete-S said in Is the concept of DMZ obsolete?:

    When you only had perimeter security, using a DMZ made perfect sense.

    But is the concept of DMZ obsolete now?

    I'll ask this as an open-ended question without any specific scenario in mind.

    Personally, I never saw the point of a DMZ. Why? Because as soon as it was set up, most places just made connectivity to and from it and the LAN open. That defeats the purpose of it. It is nothing more than a VLAN in today's terms.



  • @Emad-R said in Is the concept of DMZ obsolete?:

    @Pete-S

    Is a DMZ the same as a jump server? Or does that not fall under this category?

    Not at all.

    https://en.wikipedia.org/wiki/DMZ_(computing)



  • @JaredBusch said in Is the concept of DMZ obsolete?:

    @Pete-S said in Is the concept of DMZ obsolete?:

    When you only had perimeter security, using a DMZ made perfect sense.

    But is the concept of DMZ obsolete now?

    I'll ask this as an open-ended question without any specific scenario in mind.

    Personally, I never saw the point of a DMZ. Why? Because as soon as it was set up, most places just made connectivity to and from it and the LAN open. That defeats the purpose of it. It is nothing more than a VLAN in today's terms.

    Presumably you could have fewer ports opened between zones, limited only to what was needed, but if all unnecessary ports are shut down on your servers, that really shouldn't matter - or at least that was the gist of it.



  • A proper DMZ is still a valid concept, but was never that big of a deal. There are almost no resources that make sense to put there. If you have those resources, then sure. But who does? The advent of cloud computing, cheaper colocation, better IT knowledge, etc. has led most shops to not try to make "internal/external" shared resources where one side is public and the other uses LAN security; and what little of that remains in need is generally addressed with VLANs in a slightly different way.