Security Basics mailing list archives
Re: Defense in Depth
From: "Naren" <naren () pactech net>
Date: Mon, 1 Nov 2004 11:38:33 +0800
Dear all, My $ 0.02The idea behind two firewalls is because of different technologies, and capabilities, having two firewalls from two different vendors help minimise the possibility of traffic that is not intercepted by one firewall being stopped by the other .. like a mix and match.
And normal practise is to have the first level as a Stateful inspection, to reduce most common forms of attacks - and also reducing the traffic that hits the 2nd level firewall, and the second as an application layer firewall, for stricter checking of traffic passing through.
This is a very basic requirement .. and there is no firewall which can stop all forms of threats (in my limited experience .. atleast. ...)
Naren----- Original Message ----- From: Ravi Kumar
To: Ronish Mehta Cc: security-basics () securityfocus com Sent: Friday, October 29, 2004 1:35 PM Subject: Re: Defense in Depth Hi Ronsih,Why do you prefer two firewalls? Does that mean are you not confident enough with the first firewall capabilities!!
-Ravi Ronish Mehta wrote:
Hi List, I have a network setup with 2 firewalls There is a DMZ on the Internet facing firewall The servers on this DMZ contains servers that host both "http" and "https" pages There are no DMZ on the second firewallFrom what I understand, this setup is not providingdefense in depth, at least not full defense in depth I wanted to create a DMZ on the second firewall, and move servers that host "HTTPS" pages to this new DMZ Would this new setup improve the security of the network? Thanks for comments, Ronish __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
This mail has been scanned for known virusses and spam by the MXTreme Mail Firewall, and is considered spam free. For more info, visit http://www.pactech.net
Current thread:
- Re: Defense in Depth Daniel Miessler (Nov 01)
- <Possible follow-ups>
- RE: Defense in Depth Randy Golly (Nov 01)
- Re: Defense in Depth Naren (Nov 01)
- Re: Defense in Depth Ghaith Nasrawi (Nov 03)
- Re: Defense in Depth Javier Blanque (Nov 01)
- Re: Defense in Depth Spencer Hall (Nov 02)
- Re: Defense in Depth Miles Stevenson (Nov 02)
- Re: Defense in Depth sf_mail_sbm (Nov 03)
- RE: Defense in Depth Randy Golly (Nov 04)
- RE: Defense in Depth Ghaith Nasrawi (Nov 08)