Security Basics mailing list archives

RE: Firewall and DMZ topology


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 10 Jun 2003 10:10:38 -0700

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
I'm afraid I don't see how that:

internet --> Firewall --> Lan

internet --> Firewall --> DMZ

  Actually, it's

internet <-- Firewall <-- LAN
 
internet --> Firewall --> DMZ

would be any more secure than this:

internet --> Outer Firewall --> DMZ --> Inner Firewall --> LAN

internet <--> Outer Firewall <--> DMZ <-- Inner Firewall <-- LAN

(no more secure, and slightly inefficient)

 
or this:

internet -->  Firewall --> LAN
                             --> DMZ

internet <-->  Firewall <-- LAN
                  |
                  V
                 DMZ

which uses a single (3-legged) firewall box and doesn't force
traffic from LAN to DMZ to transit the Internet (or vice versa)
as the alternatives above do.

  (The arrowheads, as I've indicated them above, reflect directions
of allowed session initiation.)

David Gillett
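As an added illustration (not part of the thread), here is what the single three-legged firewall in the last diagram looks like as an nftables forward policy; the interface names wan0, dmz0 and lan0 and the published DMZ ports 80/443 are assumptions. Each `ct state new` rule corresponds to one arrowhead of allowed session initiation, and the established/related rule carries the replies back the other way, so the return direction needs no rule of its own.

```nft
# Three-legged firewall: wan0 = Internet, dmz0 = DMZ, lan0 = LAN (assumed names).
# The forward chain encodes the diagram's arrowheads: every "ct state new" rule
# is one permitted direction of session initiation.
table inet threeleg {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies for sessions that were allowed to start, in either direction.
        ct state established,related accept
        ct state invalid drop

        # LAN --> Internet and LAN --> DMZ: the LAN may initiate into both
        # other zones, and nothing may initiate into lan0.
        iifname "lan0" oifname { "wan0", "dmz0" } ct state new accept

        # Internet --> DMZ, limited to the published services (assumed 80/443).
        iifname "wan0" oifname "dmz0" tcp dport { 80, 443 } ct state new accept

        # DMZ --> Internet, the "<-->" leg (e.g. outbound updates from DMZ hosts).
        iifname "dmz0" oifname "wan0" ct state new accept

        # No dmz0 -> lan0 or wan0 -> lan0 rule exists, so a compromised DMZ host
        # cannot open a session into the LAN; everything else is logged and dropped.
        log prefix "threeleg-drop " drop
    }
}
```

Because LAN-to-DMZ sessions are forwarded directly between lan0 and dmz0, that traffic never leaves through wan0, which is the efficiency point made above for the single-box design.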
