That is the question.
It has been a long-standing idea that a DMZ is a best practice when it comes to designing and implementing a corporate network. It's even required by some regulations (see article listings below). The argument not to use a DMZ has been gaining ground in discussions around the security community. The argument basically goes that once someone breaks a system in the DMZ, they now have the keys to the kingdom. So network admins should secure every system as though it was internal and require proper authentication to gain access. That doesn't mean that you have to get rid of the DMZ, but maybe the DMZ is a crutch not to secure all systems properly. Take away the crutch, and you're forced to do it correctly.
So here are a few questions:
1. Has anyone eliminated their DMZ and why? Without giving away too much info, describe your setup.
2. Are you considering removing it and why?
3. Will you never get rid of it, and why? Also, without giving away too much info about your network, describe your setup, what's in and not in the DMZ, and why.
Here are a few articles to get you thinking:
Dump Your DMZ!
DMZs for Dummies
Explain the DMZ
DMZ - In information security, DMZ has multiple meanings. Classically it refers to the part of the perimeter between your service provider's point of demarcation and where you assume control. It can also mean any protected network, usually one at least partially accessible via the Internet. SANS has a number of papers shown below to help you learn about DMZ design and testing and also offers information security training in firewalls, DMZs and VPNs.
"Designing a DMZ" by Scott Young on DMZ design.
"Three Tiered DMZs" by Chris Mahn on three tiered or complex DMZs. If this sounds like overkill to you, it is worth noting the Visa Security Commandments for credit card merchants specify a separate DMZ for credit card activity.
"Securing Extranet Connections" by Jeff Pipping on extranets, a special type of DMZ.
Hopefully this will spark some good debate,