Re: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)
From: António (amateus@mail.pt)
Date: 09/27/01
- Previous message: Jorge Roxo: "RE:RE: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)"
- Maybe in reply to: Jorge Roxo: "Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)"
Message-ID: <20010927104936.4712.qmail@securityfocus.com>
Date: Thu, 27 Sep 2001 11:49:35 +0100
From: "António" Mateus <amateus@mail.pt>
To: focus-ms@securityfocus.com
Subject: Re: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)

Hello Jorge,
I believe that using a strong firewall (software / hardware) only in the
servers that are connected to the outside, is the best solution.
Of course it is good to have in the minimum 2 lines of defense, but you could
put one server as a firewall (the one Soft & Hard) and the other server that
connects to the internal network with another firewall (like zonealarm or
neowatch).
It will stay something like this:
Internet
|
Firewall
Server (H/S)
|
Server (ZoneAlarm, Neowatch)
|
Internal
Network
In the workstations and the other servers, a good AV with daily updates will do
fine.
Regarding the mail problem (outlook spreading virus), a good user training
_and_ a good software (I personally recommend mimesweeper) will do the job.
Mimesweeper will, for example, filter all mails and prevent receiving mails with
specific attachments for specific users.
My users do not receive dangerous mail attachments (EXE, VBS, etc), unless they
work in a Department that receives this kind of mail.
Hope this will help,
Best Regards,
António Mateus
> We are considering using a multiple installation of firewalls in all our
> servers. All servers are Windows 2000 Advanced Server with no IIS as we
> have no website or web services other than Internet access and e-mail.
> Both Internet and e-mail are accessed via a separate proxy server
> running Linux Red Hat 6.1, and it is necessary for the user to
> authenticate him/herself before any e-mail or web access is done. The
> idea is to establish firewalls between all our servers inside our LAN,
> so all traffic inside the network is filtered by the firewalls, and also
> as we have several domains, to try and stem the spreading of viruses
> inside the network (beside the fact that all PCs have AV and it is
> updated daily) by filtering the traffic at the Servers using the firewalls
> and the AV.
>
> The questions are:
>
> We know it may affect performance inside the network, but…
>
> - Will it slow the network too much? (we are talking about 80 computers
> and 4 servers plus the proxy
> server itself, so all told 5 servers)
>
> - Is this possible to implement beside the normal confidence policies?
>
> - Has anyone used this tactic before?
>
> - What could be/are there any more good/bad sides to this idea?
>
> - What firewall would be best? Zone Alarm? Black Ice? Wingate? TPF?
>
> Many thanks for all help and comments.
>
> Jorge Roxo,
>
> TCSA/Sotagus Computer Systems Administrator.
>
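
The per-user attachment filtering described in the reply above (dangerous types such as EXE and VBS blocked for everyone except a department that needs them) can be sketched as follows. This is an added example, not part of the original thread and not how Mimesweeper is implemented; the extension list, the exempt address and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string
from email.utils import getaddresses

# Assumed policy values (not from the original post).
BLOCKED = {".exe", ".vbs", ".scr", ".pif", ".bat"}
# Recipients whose department legitimately receives some blocked types.
EXEMPT = {"dev@example.test": {".exe"}}

def blocked_attachments(msg, recipient):
    """Return attachment names this recipient's policy does not allow."""
    allowed = EXEMPT.get(recipient.lower(), set())
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition or Content-Type name
        if not name:
            continue
        # Judge the final extension; Windows drops trailing dots and spaces.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        if ext in BLOCKED and ext not in allowed:
            hits.append(name)
    return hits

def route(raw):
    """Map each To/Cc recipient to the attachments blocked for them."""
    msg = message_from_string(raw)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower(): blocked_attachments(msg, addr)
            for _, addr in getaddresses(headers)}

# Constructed sample: two recipients, one executable attachment.
SAMPLE = """\
To: alice@example.test, Dev Team <dev@example.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="build-tool.exe"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    print(route(SAMPLE))  # empty list = deliver, otherwise quarantine
```

An empty list means the message can be delivered to that recipient; a non-empty list names what to strip or quarantine for them. The check looks only at the declared file name, so a real gateway would also inspect content type and archive contents.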