nanog mailing list archives
Re: which firewall product?
From: Blake Dunlap <ikiris () gmail com>
Date: Tue, 30 Jul 2013 19:13:22 -0500
Understood. I expected as much but thought I'd ask. Most of my suggestions would require more knowledge of the layout to be filtered out. I really don't know what you'd find that would do what you want in this case, based on the requirements stated previously. Sorry =/ I'd look more to finding a way to make it a truly isolated unit that they could audit personally, instead of a distributed zone with boundaries in the middle. -Blake On Tue, Jul 30, 2013 at 5:39 PM, William Herrin <bill () herrin us> wrote:
On Tue, Jul 30, 2013 at 5:36 PM, Blake Dunlap <ikiris () gmail com> wrote:Well, I guess my first question is: Is this a design you are stuck withforsome reason or alternately, is there a good reason for it, and I need tobeeducated as to real world design? It seems rather odd to put a firewall boundry between a LB and its associated cluster as opposed to in front of the LB.Howdy, Paperwork. The customer owns 3 servers in a system of a consisting of a hundred or so. He wants his security people to accredit it. They won't accredit individual servers, so his options were: duplicate the full system just for him (very expensive) or create a security boundary where he can say, "This is my enclave. Accredit my enclave." Naturally his security people decide that they don't want the firewalls to be additional servers running Linux. That would make it far too easy to secure his system. I don't yet know if they'd accept an appliance running Linux underneath. :/ -Bill -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- which firewall product? William Herrin (Jul 30)
- RE: which firewall product? Warren Bailey (Jul 30)
- RE: which firewall product? Charles N Wyble (Jul 30)
- Re: which firewall product? Michael Brown (Jul 30)
- Re: which firewall product? William Herrin (Jul 30)
- Re: which firewall product? Blake Dunlap (Jul 30)
- Re: which firewall product? William Herrin (Jul 30)
- Re: which firewall product? Blake Dunlap (Jul 30)
- RE: which firewall product? Charles N Wyble (Jul 30)
- Re: which firewall product? Kinkaid, Kyle (Jul 30)
- RE: which firewall product? Warren Bailey (Jul 30)
- Re: which firewall product? Owen DeLong (Jul 30)
- Re: which firewall product? Christopher Morrow (Jul 31)
- Re: which firewall product? Richard Golodner (Jul 30)