Re: What is more secure?

From: Chris Thorp (thorp_at_spacia.org)
Date: 02/28/05

  • Next message: Andrew Shore: "RE: anyone who saw this arp traffic?"
    Date: Mon, 28 Feb 2005 08:10:53 -0700
    
    

    >if he [a cracker] succeed he will gain all access to both networks:
    >
    >
    Tomas,

    I assume from this statement that you are using one triple homed
    firewall? If so, I'd suggest using two dual homed firewalls which are
    running different OSes with all publicly routable IPs.assigned to the
    outer firewall. That way if the outer firewall is broken, the attacker
    will only have access to the DMZ (assuming the internal firewall is
    configured such that the same attack won't work on both).

    My 2 cents,
    -Chris


  • Next message: Andrew Shore: "RE: anyone who saw this arp traffic?"