RE: Firewall and DMZ topology

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 06/10/03

    To: <security-basics@securityfocus.com>
    Date: Tue, 10 Jun 2003 10:10:38 -0700
    
    

    > -----Original Message-----
    > From: Chris Berry [mailto:compjma@hotmail.com]
    > I'm afraid I don't see how that:
    >
    > internet --> Firewall --> Lan
    >
    > internet --> Firewall --> DMZ

      Actually, it's

    internet <-- Firewall <-- LAN
     
    internet --> Firewall --> DMZ

    > would be any more secure than this:
    >
    > internet --> Outer Firewall --> DMZ --> Inner Firewall --> LAN

    internet <--> Outer Firewall <--> DMZ <-- Inner Firewall <-- LAN

    (no more secure, and slightly inefficient)

     
    > or this:
    >
    > internet --> Firewall --> LAN
    > --> DMZ

    internet <--> Firewall <-- LAN
                      |
                      V
                     DMZ

    which uses a single (3-legged) firewall box and doesn't force
    traffic from LAN to DMZ to transit the Internet (or vice versa)
    as the alternatives above do.

      (The arrowheads, as I've indicated them above, reflect directions
    of allowed session initiation.)

    David Gillett
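
Added example, not part of the original message: a small stateful model of the three-legged firewall diagram above, showing what "direction of allowed session initiation" means for forwarded traffic. The zone names, the rule set read off the arrowheads, and the sample addresses are assumptions made for illustration.

```python
# Added example: stateful model of the three-legged policy (not from the post).
from dataclasses import dataclass, field

# Assumption: allowed session initiation, read off the arrowheads in the
# three-legged diagram. The DMZ initiates nothing; the internet never reaches LAN.
ALLOWED_INITIATION = {("lan", "internet"), ("lan", "dmz"), ("internet", "dmz")}


@dataclass(frozen=True)
class Packet:
    in_zone: str        # zone of the interface the packet arrived on
    out_zone: str       # zone of the interface it would leave by
    src: tuple          # (address, port)
    dst: tuple          # (address, port)
    syn: bool = False   # True only for a session's opening packet


@dataclass
class ThreeLeggedFirewall:
    sessions: set = field(default_factory=set)  # flows already permitted

    def forward(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.dst)
        # Return traffic is accepted only for a session that was opened legally.
        if not pkt.syn and flow in self.sessions:
            return "ACCEPT established"
        # New sessions are accepted only along an arrow in the diagram.
        if pkt.syn and (pkt.in_zone, pkt.out_zone) in ALLOWED_INITIATION:
            self.sessions.update({flow, (pkt.dst, pkt.src)})
            return "ACCEPT new"
        return "DROP"


def demo():
    # Constructed sample endpoints (documentation and private address ranges).
    web, pc, ext = ("192.0.2.10", 80), ("10.0.0.5", 40000), ("198.51.100.7", 50000)
    fw = ThreeLeggedFirewall()
    return [
        fw.forward(Packet("internet", "dmz", ext, web, syn=True)),  # visitor -> web
        fw.forward(Packet("dmz", "internet", web, ext)),            # web's reply
        fw.forward(Packet("dmz", "lan", web, pc, syn=True)),        # DMZ opens to LAN
        fw.forward(Packet("internet", "lan", ext, pc, syn=True)),   # internet -> LAN
        fw.forward(Packet("lan", "dmz", pc, web, syn=True)),        # LAN -> DMZ direct
        fw.forward(Packet("dmz", "lan", web, pc)),                  # reply to LAN
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

In the model a DMZ host can answer a session the LAN opened but cannot open one itself, and LAN-to-DMZ traffic is decided by the same box without leaving it.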


