Internet Bastion Hosts Internal Network Router/Firewall Mail FTP

Internet Router/Firewall FTP Mail Router/Firewall Internal Network

Internal Host Internal Host Internet Router/Firewall DMZ Segment Mail Internal Host Internal Server Internal Host

Internet ??? Internal Network Router/Firewall App Server Mail

Point-To-Point Connection Management Router/Firewall Application Router/Firewall ISP Router Colocation Facility Point-To-Point Connection VPN Connection OR Internet Router/Firewall Corporate Facility Mail Proxy Router/Firewall Internal Network

Company A Company B D M Z Corp A Corp B Router/Firewall Router/Firewall D M Z VPN or Direct Line VPN or Direct Line Router/Firewall Corp A Corp B Router/Firewall Router/Firewall Internet

Allows system management Mail Internet DNS Router/Firewall www SNMP SSH Syslog SNMP Query Syslog www SSH SNMP Trap SSH Mail Mail Router/Firewall Allows system management Deny everything else DNS SNMP Trap Syslog SSH SNMP Query Loghost Management Station SNMP Monitor

Console Server Loghost Dumb Log Monitor SSH GW Internet Console Router/Firewall Console Console www / DNS / Mail SSH Console Server Mail Syslog Loghost OOB SNMP Trap Syslog SSH SNMP Trap Serial Dumb Log SNMP Query Int SSH SSH Monitor OOB SSH GW Router/Firewall Internal Network

Internet Monitor Syslog Corp Proxy Monitor Syslog Promiscuous No IP Router/Firewall Router/Firewall Emergency! Promiscuous No IP Promiscuous No IP Monitor Syslog FTP Prod Mail Corp Mail Corp Proxy Monitor Syslog Router/Firewall Internal Corp Network Router/Firewall Monitor Pull Application Monitor Syslog Backup Monitor Syslog Router/Firewall Monitor Master IDS Master SSH GW