Security Basics mailing list archives
RE: Firewall and DMZ topology
From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Tue, 10 Jun 2003 16:11:20 -0400
First, in order to increase security, Firewall1 should not be the same as Firewall2. Even if they are the same, rules will be different on each of the firewalls. Different rules mean different vulnerabilities. Finally, intrusion detection should be more sensitive on the inside of the outer firewall. This enhanced sensitivity should alert you that someone is attempting to compromise the inner firewall.

Dennis

PS I seriously doubt if two firewalls have the same configuration if one is an internal and one is an external firewall. For example, on the external firewall I will allow HTTP requests to various Web servers in the DMZ. The internal firewall should not allow any internet user to access a web server.
-----Original Message-----
From: Daniel B. Cid [mailto:danielcid () yahoo com br]
Sent: Tuesday, June 10, 2003 2:47 PM
To: Zach Crowell
Cc: security-basics () securityfocus com

I think similar to you. In most companies all the firewalls are the same (same OS, same version and same configuration). If someone is able to crack firewall 1, they will be able to crack firewall 2 and 3.

[]`s
Daniel B. Cid

On Tue, 2003-06-10 at 13:41, Zach Crowell wrote:

Erik Vincent wrote:

I think there is a major difference between:
1: internet --> Outer Firewall --> DMZ --> Inner Firewall --> LAN
If your Outer Firewall is cracked, only the DMZ computer will be unprotected but the LAN portion still protected.

Under what conditions would these firewalls be configured any differently from a vulnerability-assessment view point? i.e., if someone was able to crack the outer firewall, is it not likely they would crack the inner firewall as well?

Zach
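The two-firewall argument in this exchange can be checked as policy rather than debated. The following is an added example, not part of the original posts: it models the internet, DMZ and LAN zones with first-match rule lists and reports what each attacker position can reach. The zone names, ports, rule sets and the allow-all stand-in for a defeated outer firewall are all constructed assumptions.

```python
# Added illustration: zone names, ports and rule sets are constructed.
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    port: int     # destination TCP port, 0 = any

def permits(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, 0):
            return r.action == "allow"
    return False

# Outer firewall: internet users may reach web servers in the DMZ over HTTP.
OUTER = [Rule("allow", "internet", "dmz", 80),
         Rule("deny", "any", "any", 0)]

# Inner firewall: nothing sourced from the internet passes; one DMZ-to-LAN
# flow (a constructed database port) is allowed for the web servers.
INNER = [Rule("deny", "internet", "any", 0),
         Rule("allow", "dmz", "lan", 5432),
         Rule("deny", "any", "any", 0)]

# Simplified model of an outer firewall that no longer filters anything.
DEFEATED = [Rule("allow", "any", "any", 0)]

def exposure(outer, inner, ports):
    """Return the ports reachable along each path through the topology."""
    result = {"internet->dmz": [], "internet->lan": [], "dmz->lan": []}
    for p in ports:
        if permits(outer, "internet", "dmz", p):
            result["internet->dmz"].append(p)
        # Internet traffic to the LAN must be passed by both firewalls.
        if permits(outer, "internet", "lan", p) and permits(inner, "internet", "lan", p):
            result["internet->lan"].append(p)
        # A compromised DMZ host only has to get past the inner firewall.
        if permits(inner, "dmz", "lan", p):
            result["dmz->lan"].append(p)
    return result

if __name__ == "__main__":
    ports = [22, 80, 443, 5432]
    for name, outer in (("normal", OUTER), ("outer defeated", DEFEATED)):
        print(name, exposure(outer, INNER, ports))
```

The `dmz->lan` list is the part to audit most closely, since it is what remains reachable from a compromised DMZ host regardless of the outer firewall's state.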