Security Basics mailing list archives
Re: Defense in Depth
From: "Spencer Hall" <SHALL () stvincentshealth com>
Date: Sun, 31 Oct 2004 09:23:23 -0500
Two firewall structure is just another form of securing your resources. In most cases it has very little to do with confidence in firewall capabilities. I would not move the https pages to the second firewall - I would use the extranet DMZ for WAN connections to partners, VPN and other trusted sources. I would also put highly secure systems that require significant access to internal host resources and major lockdown my rules to these resources.
Ravi Kumar <ravivsn () rocsys com> 10/30/04 02:36 AM >>>
Hi Ronsih, Why do you prefer two firewalls? Does that mean are you not confident enough with the first firewall capabilities!! -Ravi Ronish Mehta wrote:
Hi List, I have a network setup with 2 firewalls There is a DMZ on the Internet facing firewall The servers on this DMZ contains servers that host both "http" and "https" pages There are no DMZ on the second firewallFrom what I understand, this setup is not providingdefense in depth, at least not full defense in depth I wanted to create a DMZ on the second firewall, and move servers that host "HTTPS" pages to this new DMZ Would this new setup improve the security of the network? Thanks for comments, Ronish __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
----------------------------------------- NOTICE: This message is confidential, intended for the named recipient(s) and may contain information that is (i) proprietary to the sender, and/or, (ii) privileged, confidential and/or otherwise exempt from disclosure under applicable Florida and federal law, including, but not limited to, privacy standards imposed pursuant to the Federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Receipt by anyone other than the named recipients(s) is not a waiver of any applicable privilege. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you in advance for your compliance with this notice.
Current thread:
- Re: Defense in Depth Daniel Miessler (Nov 01)
- <Possible follow-ups>
- RE: Defense in Depth Randy Golly (Nov 01)
- Re: Defense in Depth Naren (Nov 01)
- Re: Defense in Depth Ghaith Nasrawi (Nov 03)
- Re: Defense in Depth Javier Blanque (Nov 01)
- Re: Defense in Depth Spencer Hall (Nov 02)
- Re: Defense in Depth Miles Stevenson (Nov 02)
- Re: Defense in Depth sf_mail_sbm (Nov 03)
- RE: Defense in Depth Randy Golly (Nov 04)
- RE: Defense in Depth Ghaith Nasrawi (Nov 08)