Re: What is more secure?

From: Chris Thorp (thorp_at_spacia.org)
Date: 02/28/05

    Date: Mon, 28 Feb 2005 08:10:53 -0700
    
    

    >if he [a cracker] succeeds he will gain all access to both networks:
    >
    >
    Tomas,

    I assume from this statement that you are using one triple homed
    firewall? If so, I'd suggest using two dual homed firewalls which are
    running different OSes with all publicly routable IPs assigned to the
    outer firewall. That way if the outer firewall is broken, the attacker
    will only have access to the DMZ (assuming the internal firewall is
    configured such that the same attack won't work on both).

    My 2 cents,
    -Chris
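
An added example, not part of the original post: a small reachability model comparing the layouts discussed above, including the case where both firewalls fall to the same attack. The zone names, platform labels and the rule that one exploit breaks every firewall running that platform are assumptions made for illustration.

```python
# Added illustration: zone names, platform labels and the compromise rule
# are assumptions, not taken from the original post.
from dataclasses import dataclass


@dataclass(frozen=True)
class Firewall:
    name: str
    platform: str      # OS / product family (constructed labels)
    zones: frozenset   # network segments this firewall is homed on


def blast_radius(firewalls, exploit_platforms, start="internet"):
    """Return the zones exposed once every breakable firewall has fallen.

    A firewall falls if it touches a zone the attacker already holds and
    runs a platform covered by exploit_platforms. A fallen firewall
    exposes every zone it is homed on. Repeat until nothing changes.
    """
    reached = {start}
    fallen = set()
    changed = True
    while changed:
        changed = False
        for fw in firewalls:
            if fw.name in fallen:
                continue
            if fw.zones & reached and fw.platform in exploit_platforms:
                fallen.add(fw.name)
                reached |= fw.zones
                changed = True
    return reached


TRIPLE_HOMED = [Firewall("fw", "os-a", frozenset({"internet", "dmz", "internal"}))]
TWO_DIFFERENT = [
    Firewall("outer", "os-a", frozenset({"internet", "dmz"})),
    Firewall("inner", "os-b", frozenset({"dmz", "internal"})),
]
TWO_SAME = [
    Firewall("outer", "os-a", frozenset({"internet", "dmz"})),
    Firewall("inner", "os-a", frozenset({"dmz", "internal"})),
]

if __name__ == "__main__":
    for label, layout in [("one triple-homed", TRIPLE_HOMED),
                          ("two dual-homed, different OS", TWO_DIFFERENT),
                          ("two dual-homed, same OS", TWO_SAME)]:
        print(f"{label}: {sorted(blast_radius(layout, {'os-a'}))}")
```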

