Security Basics mailing list archives

RE: Firewall and DMZ


From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 12 Jun 2003 11:02:52 -0700

  The problem with this is that there's almost always a 
need to provide (some) LAN users with access to servers 
in the DMZ, such as to maintain content.
  To avoid exposing that traffic, or the necessary 
firewall holes, to the Internet, you need to add a 
third firewall between the LAN and DMZ.

  Explaining to management why you need three boxes 
where one can do the job is left as a career-limiting
exercise.

David Gillett


-----Original Message-----
From: Aaron Fisher [mailto:aaron-fisher () iinet net au]
Sent: June 11, 2003 23:38
To: security-basics () securityfocus com
Subject: RE:Firewall and DMZ


After seeing this topic go on for some time, why not have a router
with 2 network interfaces? On one interface you would have your firewall
and then the internal LAN:

                                <> Firewall <> LAN
 internet <> router
                                <> Firewall <> DMZ

The other would have your firewall and then the DMZ. You can then deny all
traffic with a source address from the DMZ going to a destination of
your LAN. This still wouldn't stop traffic originally coming from the LAN,
as I'm assuming you would be using NAT, so the source address would be the
router's external interface and it was initiated by the LAN. Hopefully this
suggestion makes sense; however, routers with 2 10/100 network ports can be
rather expensive.

Anyways, that's my 2 cents.

Aaron
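Both posts above turn on the same two rules: LAN hosts must be able to open sessions to the DMZ (to maintain content, as David notes), while the DMZ must never be able to open sessions into the LAN (Aaron's "deny DMZ source to LAN destination" rule). The following is an added example, not code from either poster, that models a zone-based packet filter for that design. Addresses (LAN 10.0.0.0/24, DMZ 192.0.2.0/24, a visitor at 203.0.113.7) and the allowed ports are constructed for the example. It also shows the catch Aaron alludes to: a purely stateless "deny DMZ to LAN" rule also drops the replies to LAN-initiated sessions, so the filter either has to track connection state or rely on NAT hiding the LAN source, as he assumes.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for the example (not from the thread).
LAN = ipaddress.ip_network("10.0.0.0/24")
DMZ = ipaddress.ip_network("192.0.2.0/24")


def zone(ip: str) -> str:
    """Map an address to the security zone it belongs to."""
    addr = ipaddress.ip_address(ip)
    if addr in LAN:
        return "lan"
    if addr in DMZ:
        return "dmz"
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


# Which NEW connections each (source zone, destination zone) pair may open.
# None means any destination port; an empty set means nothing at all.
POLICY = {
    ("internet", "dmz"): {80, 443},   # public web service hosted in the DMZ
    ("lan", "dmz"): {22, 80, 443},    # admins maintaining DMZ content
    ("lan", "internet"): None,        # LAN may browse out
    ("dmz", "lan"): set(),            # DMZ may never open a session to the LAN
    ("dmz", "internet"): set(),       # nothing outbound from the DMZ
    ("internet", "lan"): set(),       # nothing inbound to the LAN
}


def policy_allows(pkt: Packet) -> bool:
    """Stateless check: does the zone policy allow this packet as a new flow?"""
    allowed = POLICY.get((zone(pkt.src), zone(pkt.dst)), set())
    return allowed is None or pkt.dport in allowed


class StatefulFilter:
    """Remembers accepted flows so replies are matched to the session that opened them."""

    def __init__(self):
        self.conntrack: set = set()

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # A packet belonging to a tracked session passes in either direction.
        if flow in self.conntrack or reverse in self.conntrack:
            return "ACCEPT (established)"
        # Otherwise it is a new flow and must be allowed by zone policy.
        if policy_allows(pkt):
            self.conntrack.add(flow)
            return "ACCEPT (new)"
        return "DROP"


def stateless_decide(pkt: Packet) -> str:
    """The naive rule set: zone policy only, no memory of prior packets."""
    return "ACCEPT" if policy_allows(pkt) else "DROP"


def run_demo() -> dict:
    """Run constructed packets through both filters and return the verdicts."""
    fw = StatefulFilter()
    admin_to_dmz = Packet("10.0.0.5", 40000, "192.0.2.10", 22)    # LAN admin opens SSH to DMZ host
    dmz_reply = Packet("192.0.2.10", 22, "10.0.0.5", 40000)       # DMZ host answers that session
    dmz_probe = Packet("192.0.2.10", 5555, "10.0.0.5", 445)       # compromised DMZ host probes the LAN
    web_visitor = Packet("203.0.113.7", 51000, "192.0.2.10", 80)  # Internet user hits the web server
    web_to_lan = Packet("203.0.113.7", 51001, "10.0.0.5", 80)     # Internet user aims at the LAN
    inet_ssh = Packet("203.0.113.7", 51002, "192.0.2.10", 22)     # Internet user tries SSH to the DMZ
    return {
        "admin_to_dmz": fw.decide(admin_to_dmz),
        "dmz_reply_stateful": fw.decide(dmz_reply),
        "dmz_reply_stateless": stateless_decide(dmz_reply),
        "dmz_probe": fw.decide(dmz_probe),
        "web_visitor": fw.decide(web_visitor),
        "web_to_lan": fw.decide(web_to_lan),
        "inet_ssh_to_dmz": fw.decide(inet_ssh),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:22} {verdict}")
```

The stateful filter accepts the DMZ host's reply to the admin's SSH session because it recognises the reverse of a tracked flow, yet drops the same host's unsolicited connection to port 445 on the LAN. The stateless rule cannot tell those two packets apart and drops both, which is why Aaron's design leans on NAT and why David's third firewall between LAN and DMZ is normally a stateful one.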



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------



