Firewall Wizards mailing list archives
Content Switch as security device?
From: "Ludolph, Michel" <Michel.Ludolph () atosorigin com>
Date: Wed, 29 Jan 2003 21:18:10 +0100
This afternoon I had a discussion with a colleague. He told me about a proposed Corporate Internet connection. Instead of using a Firewall between the DMZ and the external network, the idea was to use a Cisco Content Switch. This would result in the following architecture:

Internet --> screening router --> Content Switch --> router --> web servers.

This would mean that the Content Switch also acts as a sort of proxy-firewall, justified by the fact that only defined ports are permitted.

I do not feel very comfortable with this solution. What about SYN floods and fragmentation attacks? Further, a Content Switch is not designed to act as a security device (it may listen to ports you are not aware of).

Has anyone come across such a solution, or have any thoughts on this?

Thanks,
Michel Ludolph
michel.ludolph () atosorigin com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards