Re: [fw-wiz] The Death Of A Firewall

From: Julian M D (julianmd_at_gmail.com)
Date: 10/26/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 26 Oct 2005 14:09:19 -0400
    
    

    So basically he's saying that he's safer now because of the "DMZ" created by
    the L3 Switches???? with 3 layers of application servers running in VIRTUAL
    OS's????
    I'd say the safest method is the one that best suits your needs, not only
    from the security point of view, but TCO, ROI, manageability...etc.
    What I agree on is the fact that security must be covered from INSIDE-OUT.

    Julian Dragut
    Secure the LAN first

    On 10/17/05, Pedski <pedski@optonline.net> wrote:
    >
    > James Paterson wrote:
    >
    > >http://www.securitypipeline.com/165700439
    > >
    > >Be interesting to get the community's take on this article.
    > >
    > >_______________________________________________
    > >firewall-wizards mailing list
    > >firewall-wizards@honor.icsalabs.com
    > >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > >
    > >
    > >
    > This is a model that has holes...
    > router acl are not stateful.
    > they seem to have some security by means of DMZ
    > the management overhead of this is high..sometimes is not that easy
    > deploying patches if the vulnerability came in the night...meaning if you
    > are blocking everything with a firewall you bought yourself some
    > time....in this case they are open ...the term raise their immunity to
    > exists in hashers condition sounds really nice...but often attacks or
    > worms come like a thief in the night......
    >
    > there is something flawed with this architecture.