Firewall Wizards mailing list archives

Re: (no subject)

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 29 Jul 2001 04:54:03 -0400 (EDT)


Placing a screening router on the backboen, with the firewall behind it,
is a common layout.  It helps to filter stupid traffic from the firewall
and any internal IDS systems monitoring traffic.  Perhaps this is what you
are describing and offering to suggest to your mgt. folks.  Most major
MSSP's also use the screening router concept, though, some  of those folks
tend to get stuck in a number of restrictive conditions, one being a
freeze upon new versions of the IOS as well as the code of the firewall
and any other perimiter devices they place to be managed.

Thanks,

Ron DuFresne

Thanks,

Ron DuFresne


On Fri, 27 Jul 2001, Terry Bertrand wrote:

I don't believe that letting the firewall have a direct connection to the 
backbone would be a good idea.  It design would be as follows backbone -> 
router -> firewall -> local router (optional) -> local lan.

Terry

From: "R. DuFresne" <dufresne () sysinfo com>
To: Terry Bertrand <tfbsr () hotmail com>
CC: firewall-wizards () nfr com
Subject: Re: [fw-wiz] (no subject)
Date: Fri, 27 Jul 2001 09:50:18 -0400 (EDT)

Where else are you thinking of placing the device?  Granted, they can and
are often used within an organisation to define and protect differing
boundries of access, the main point of entry into the network is the place
one would want to make sure is secured and monitored.

Thanks,

Ron DuFresne

On Fri, 27 Jul 2001, Terry Bertrand wrote:

To whom it may concern

Trying to get some more good reason to convey to management as to why it

is

bad to place a firewall at the edge or border.

Thanks
Terry

_________________________________________________________________
Get your FREE download of MSN Explorer at

http://explorer.msn.com/intl.asp


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

(no subject) Terry Bertrand (Jul 27)
- Re: (no subject) Dustin D. Trammell (Jul 28)
- Re: (no subject) R. DuFresne (Jul 28)
- <Possible follow-ups>
- Re: (no subject) Antonomasia (Jul 28)
- Re: (no subject) Terry Bertrand (Jul 28)
  - Re: (no subject) R. DuFresne (Jul 29)