Firewall Wizards mailing list archives

Re: cyberguard performance?


From: Kevin Steves <stevesk () pobox com>
Date: Sat, 4 Jan 2003 09:26:02 -0800

On Fri, Jan 03, 2003 at 11:46:41AM -0500, Pieper, Rodney wrote:
> Perhaps the best description of the multiple device is "Defense in Depth".
> The philosophy that a vulnerability that can be applied to the security
> device at the edge and defeat the security control will not be the same
> vulnerability that is found on the next security device (between the DMZ and
> the Intranet).

Or between the next layer of the security perimeter.  There are
firewalls that have: exterior filtering router <-> exterior firewall
gateway <-> interior firewall gateway <-> interior filtering router
<-> private network.  With various DMZs off the gateways and HA etc.

> By using multiple vendors' devices one can create a much more difficult path
> towards compromise of the 'plums'.

That can be called diversity in defense, or also diversity in depth.
I've designed firewalls that used 2 different vendor firewall products
in tandem, but the reason wasn't strictly diversity.  One was a good
stateful packet filter, and the other was a good application level
gateway.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards