Security Basics mailing list archives
Re: Basic Network Configuration
From: DRAx <dra.x () ifrance com>
Date: Thu, 16 Oct 2003 08:47:23 +0000
David Gillett wrote:
> One implements a DMZ in order to impose three sets of firewall rules:
> - between the internet and the DMZ subnet
> - between the internet and the trusted subnet
> - between the DMZ subnet and the trusted subnet
> Ignoring, for the moment, vulnerabilities in the firewall itself (more on that later), a single box with three interfaces is quite adequate to deliver this functionality at a quite reasonable cost.

Sounds like a DUMB thing to do... How can u IGNORE (even for a moment) the vulnerabilities in the firewall? The 3 NIC Firewall is going to be the box standing between you and the hostile world! This is the box that HAS TO BE THE MOST SECURE. Up-to-date on patches, NO services running, just some iptables/ipchains/netfilter for instance and as UN-EXPLOITABLE as you can. If the firewall is compromised then so is your LAN. How can you ignore the vulnerabilities in the box taking care of your network's security?
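
The three rule sets from the quoted text and the "no services on the firewall box" point from the reply, written out as an iptables-restore ruleset. This is an added example, not part of the original thread; the interface names, the DMZ server address and the choice of which traffic each rule set permits are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, the DMZ web
# server address and the permitted flows are constructed assumptions.

# Print an iptables-restore ruleset for a firewall with three interfaces.
# $1 = internet-facing interface   $2 = DMZ interface
# $3 = trusted LAN interface       $4 = address of the DMZ web server
three_leg_ruleset() {
    wan=$1 dmz=$2 lan=$3 web=$4
    cat <<EOF
*filter
# Default deny: anything not matched below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall box itself offers no services: loopback and replies only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections already permitted by a rule below.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rule set 1: internet <-> DMZ. Only HTTP/HTTPS to the published server.
-A FORWARD -i $wan -o $dmz -d $web -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Rule set 2: internet <-> trusted. Outbound only, nothing new inbound.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# Rule set 3: DMZ <-> trusted. Trusted may reach the DMZ; the DMZ may
# not open connections into the trusted subnet, and attempts are logged.
-A FORWARD -i $lan -o $dmz -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $dmz -o $lan -m conntrack --ctstate NEW -j LOG --log-prefix "DMZ->LAN denied: "
-A FORWARD -i $dmz -o $lan -j DROP
COMMIT
EOF
}

# Constructed sample values; pipe the output to "iptables-restore --test"
# as root to parse the ruleset without committing it.
three_leg_ruleset eth0 eth1 eth2 192.0.2.10
```

With this layout a compromised DMZ host cannot open connections into the trusted subnet, but every rule still depends on the firewall box itself staying uncompromised.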