Security Basics mailing list archives

Re: Firewall and DMZ topology


From: "Steve Bremer" <steveb () nebcoinc com>
Date: Wed, 11 Jun 2003 08:04:08 -0500

In theory yes, however, if your administration isn't perfect, it would
actually LOWER your security stance.  Kind of goes against the KISS
principle unless you have enough staff/time to keep a close eye on it.
Guess it all depends on your size.

True, but I figure that's what I'm paid for ;-)  Like you said, it goes
back to administration.  What is complex for one person may be
easy for another.

I was thinking more along the lines of Linux on one firewall and
OpenBSD on the other.  Knowing one version of *nix usually makes
it easier to use/configure another.  However, I could see where
using a combination like Cisco PIX + MS ISA or even Linux + MS
ISA would require a broader skill set to administer properly than two
versions of *nix.

Steve Bremer
NEBCO, Inc.
System & Security Administrator
