RE: Firewall and DMZ topology

From: Steve Bremer (steveb_at_nebcoinc.com)
Date: 06/10/03

    To: security-basics@securityfocus.com
    Date: Tue, 10 Jun 2003 15:01:04 -0500
    
    

    > I do think tri-homed firewalls are a good solution, but they are not
    > as secure as a two firewall solution.

    Why not combine both topologies?

    Internet
         |
         |
         |
    Ext FW ----------- External DMZ
         |
         | (Int DMZ)
         |
    Int FW
         |
         |
         |
      LAN

    The network between the Ext FW and the Int FW could be used as
    an "internal DMZ" for the proxy server. Then, the external DMZ
    could be reserved solely for those machines that the outside world
    must have access to. Ideally, the external FW and the internal FW
    should be using different software (pf, iptables, ipf, etc).

    What do you think? Am I overly paranoid?

    Steve Bremer
    NEBCO, Inc.
    System & Security Administrator
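
The layering in the diagram above can be checked with a small reachability model. This is an added example, not part of the original message; the node labels, the tri-homed comparison layout, and the worst-case assumption that a bypassed firewall passes all traffic while a working one blocks all traffic are this example's own.

```python
from collections import deque

# Topology from the message's diagram; node labels are this example's own.
COMBINED = {
    "links": [("Internet", "ExtFW"), ("ExtFW", "ExternalDMZ"),
              ("ExtFW", "InternalDMZ"), ("InternalDMZ", "IntFW"),
              ("IntFW", "LAN")],
    "firewalls": {"ExtFW", "IntFW"},
}
# Assumed single tri-homed firewall layout, for comparison.
TRI_HOMED = {
    "links": [("Internet", "FW"), ("FW", "DMZ"), ("FW", "LAN")],
    "firewalls": {"FW"},
}

def _adjacency(topo):
    adj = {}
    for a, b in topo["links"]:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def firewalls_between(topo, src, dst):
    """Firewalls crossed, in order, on the shortest path from src to dst."""
    adj, prev, queue = _adjacency(topo), {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path, node = [], dst  # KeyError below means dst is not connected to src
    while node is not None:
        path.append(node)
        node = prev[node]
    return [n for n in reversed(path) if n in topo["firewalls"]]

def exposed_zones(topo, bypassed, src="Internet"):
    """Zones reachable from src if firewalls in `bypassed` pass everything
    and every other firewall blocks everything (worst-case assumption)."""
    adj, seen, queue = _adjacency(topo), {src}, deque([src])
    while queue:
        for nxt in adj[queue.popleft()]:
            blocked = nxt in topo["firewalls"] and nxt not in bypassed
            if nxt not in seen and not blocked:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {src} - topo["firewalls"]
```

With `ExtFW` bypassed the model exposes both DMZs but not the LAN, whereas bypassing the single tri-homed firewall exposes the LAN directly.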
