Re: What is more secure?
From: Chris Thorp (thorp_at_spacia.org)
Date: Mon, 28 Feb 2005 08:10:53 -0700
>if he [a cracker] succeed he will gain all access to both networks:
I assume from this statement that you are using one triple homed
firewall? If so, I'd suggest using two dual homed firewalls which are
running different OSes with all publicly routable IPs.assigned to the
outer firewall. That way if the outer firewall is broken, the attacker
will only have access to the DMZ (assuming the internal firewall is
configured such that the same attack won't work on both).
My 2 cents,