Firewall Wizards mailing list archives
Q: Properly separating trust domains
From: "Bill Stout" <bill.stout () aristasoft com>
Date: Thu, 16 Mar 2000 21:45:20 -0800
[My rust will show here] What is the best practice to separate networks based on trust level? Say for example you have a large pool of webservers on the DMZ. You then want to connect those to a pool of application servers on a back-end network. Can you then: I'net---FW---www----apps, or do you have to I'net----FW---www---FW---apps? O.K., question set differently. Say for example you have W2000 serving out subscribed (captive) applications, and you use the W2000 system as a proxy between a green and an isolated blue network (dual-homed). Can you then: I'net---FW---WTS----apps, or do you have to I'net----FW---WTS---FW---apps? Does the separation between trust domains have to be a traditional security device, or can a computer running an application itself be a proxy? Does the blue net technically turn green? Bill Stout
Current thread:
- Q: Properly separating trust domains Bill Stout (Mar 17)
- Re: Properly separating trust domains Adam Shostack (Mar 21)
- Re: Q: Properly separating trust domains woody weaver (Mar 21)
- <Possible follow-ups>
- RE: Q: Properly separating trust domains Carl Friedberg (Mar 21)
- RE: Q: Properly separating trust domains Linder, Daniel G. (Mar 21)