Security Basics mailing list archives
RE: Network Design
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 26 Aug 2003 08:48:38 -0700
There's a recurring argument about whether it's better to have two firewalls, as you've proposed, or a single firewall with three or four interfaces. Proponents of the two-firewall approach point to the possible synergistic effects of deploying two different types/brands, in hopes that vulnerabilities on one will not penetrate the other.

Proponents of the single-firewall design, however, can point to ease of management and lower cost of a single box. And it seems to me that these factors will be much easier to sell in a 20-50 person environment.

In a "three-legged" single-firewall environment, it's also true that traffic between the inside network and the Internet never appears on the DMZ segment, and saves a router hop in each direction. These are probably not important in most cases, but might be of interest to you.

David Gillett
-----Original Message-----
From: Jeff McClintock [mailto:lord_fiery () yahoo com]
Sent: August 25, 2003 00:51
To: security-basics () securityfocus com
Subject: Network Design

Hello,

I've been tasked with creating my first ever network. Definitely exciting, but lots of stuff to know :) Given that, I wanted to run this by you guys and get some opinions.

I work for a small firm of 20-25 employees that use Windows 2000 and XP exclusively. They are planning to scale to a maximum of 50 people within a year. They have a full T1, and want to have an FTP server, VPN and OWA access. Web hosting is done by their ISP.

Does this seem like a pretty secure set up for them:

Internet -> Firewall -> (DMZ) FTP/OWA server (DMZ) -> DMZ Firewall -> Corporate LAN (with Exchange, employee machines, etc...)

If so, any rec's on firewalls for something like this? Since it's a small firm, price is always an issue.

thanks
jm
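The path difference between the two designs discussed in this message, as an added example that is not part of either post: it models each firewall as a router attached to named segments and computes which segments and firewalls LAN-to-Internet traffic crosses. The topology dictionaries and the names `outer-fw`, `inner-fw` and `fw` are constructed for illustration.

```python
from collections import deque

# Constructed topologies: each firewall maps to the segments it is attached to.
DUAL_FIREWALL = {
    "outer-fw": {"internet", "dmz"},
    "inner-fw": {"dmz", "lan"},
}
THREE_LEGGED = {
    "fw": {"internet", "dmz", "lan"},
}


def route(topology, src, dst):
    """Shortest path between two segments (breadth-first search).

    Returns (segments, firewalls) in traversal order, or None if unreachable.
    """
    queue = deque([(src, [src], [])])
    seen = {src}
    while queue:
        seg, segs, fws = queue.popleft()
        if seg == dst:
            return segs, fws
        for fw, attached in sorted(topology.items()):
            if seg not in attached:
                continue
            for nxt in sorted(attached - seen):
                seen.add(nxt)
                queue.append((nxt, segs + [nxt], fws + [fw]))
    return None


def compare(src="lan", dst="internet"):
    """Summarise the src -> dst path for both designs."""
    rows = {}
    for name, topo in (("dual", DUAL_FIREWALL), ("three-legged", THREE_LEGGED)):
        segs, fws = route(topo, src, dst)
        rows[name] = {
            "segments": segs,
            "firewalls": fws,
            "hops": len(fws),
            # True when the DMZ is a transit segment rather than an endpoint.
            "crosses_dmz": "dmz" in segs[1:-1],
        }
    return rows


if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

The `firewalls` list also shows the other side of the argument: in the dual design an Internet-to-LAN path passes two filtering devices, in the three-legged design only one.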