Re: [fw-wiz] separating the servers on a switch

From: Jared Valentine (hidden@xmission.com)
Date: 09/13/02


From: Jared Valentine <hidden@xmission.com>
To: Shimon Silberschlag <shimons@bll.co.il>
Date: Fri Sep 13 07:17:31 2002

Shimon:

Many people have suggested standalone firewalls as a method to accomplish your goal. One other way to do this would be to place an individual firewall inside each server. The best way to do this is to use individual PCI-based firewall cards inside each server. I would recommend looking into PCI firewalls from the following companies:

3Com Embedded Firewall
        - http://www.3com.com/security/
        - $170 to $250 per server
Simple Access Server Protector
        - http://www.simpleaccess.com/site_files/docs/products/server_protector.html
        - Last I saw it was about $1600 per unit
Merilus Firecard
        - http://www.provantage.com/scripts/go.dll/-s/fc_meri
        - $350-$750 per server

Each product has its own pros and cons. A little more research is probably warranted. Good luck!

Jared Valentine
hidden@xmission.com

On Thu, 12 Sep 2002, Shimon Silberschlag wrote:

> Let's say we have an internet segment, protected by firewalls at both
> ends. On that segment are various servers.
> The servers need to talk to other servers outside the segment; uplink
> is the internet, downlink the backend servers.
> Some of the servers need to be able to talk among them.
> We want to control which server can talk to which other server (in the
> segment), utilizing one of the firewalls (let's say the uplink one).
> Can the group suggest ways to accomplish that? We thought about using
> L2 switches with "private VLAN", L3 switches with ACL, but constantly
> come across problems doing the routing properly.
>
> Shimon Silberschlag
>
> +972-3-9352785
> +972-51-207130
