Security Basics mailing list archives
Re: Firewall and DMZ topology
From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 10 Jun 2003 14:18:19 -0700
From: "Steve Bremer" <steveb () nebcoinc com> > Under what conditions would these firewalls be configured any > differently from a vulnerability-assessment view point? i.e., if > someone was able to crack the outer firewall, is it not likely they > would crack the inner firewall as well? Not necessarily. If different types of firewalls are used for each, the chance of both being compromised has been significantly reduced. However, a poorly implemented filtering policy applied to both firewalls could still allow unwanted traffic *through* them.
In theory yes, however, if your administration isn't perfect, it would actually LOWER your security stance. Kind of goes against the KISS principal unless you have enough staff/time to keep a close eye on it. Guess it all depends on your size.
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Gold is for the mistress - silver for the maid Copper for the craftsman cunning in his trade. "Good!" said the Baron, sitting in his hall But steel - cold steel is master of them all." -- Rudyard Kipling _________________________________________________________________Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Current thread:
- Re: Firewall and DMZ topology, (continued)
- Re: Firewall and DMZ topology Christopher Ingram (Jun 10)
- RE: Firewall and DMZ topology Chris Berry (Jun 10)
- Re: Firewall and DMZ topology Chris Berry (Jun 10)
- RE: Firewall and DMZ topology Depp, Dennis M. (Jun 10)
- RE: Firewall and DMZ topology Steve Bremer (Jun 10)
- RE: Firewall and DMZ topology ed (Jun 10)
- RE: Firewall and DMZ topology David Ellis (Jun 10)
- RE: Firewall and DMZ topology DeGennaro, Gregory (Jun 10)
- RE: Firewall and DMZ topology Depp, Dennis M. (Jun 10)
- RE: Firewall and DMZ topology Daniel B. Cid (Jun 10)
- Re: Firewall and DMZ topology Chris Berry (Jun 10)
- Re: Firewall and DMZ topology Steve Bremer (Jun 11)
- RE: Firewall and DMZ topology Depp, Dennis M. (Jun 11)
- RE: Firewall and DMZ topology Depp, Dennis M. (Jun 11)
- RE: Firewall and DMZ topology Morgado Alain (Jun 11)
- Ang: RE: Firewall and DMZ topology marcus (Jun 11)
- RE: Firewall and DMZ topology ed (Jun 11)
- RE: Firewall and DMZ topology David Gillett (Jun 11)
- Re: Firewall and DMZ topology Adam Newhard (Jun 11)
- nmap for windows Zekeriya Eskiocak (Jun 12)
- RE: nmap for windows Jason Jaszewski (Jun 12)
(Thread continues...)