RE: Defense in Depth

["Randy Golly" <rcgolly () vermeertexas com>]

Hence the title of this thread ... Defense in Depth.  First firewall allows
the DMZ, the second would allow no incoming IP at all unless initiated from
behind the second firewall.  Second firewall would be protecting critical
data servers and other assets from internal network.  Also place them on a
separate subnet behind the second firewall.  Theory is that if (when) all
hell breaks loose on the internal network, and critical data is sitting
behind its own firewall.

Randy Golly

-----Original Message-----
From: Ravi Kumar [mailto:ravivsn () rocsys com] 
Sent: Friday, October 29, 2004 12:35 AM
To: Ronish Mehta
Cc: security-basics () securityfocus com
Subject: Re: Defense in Depth

Hi Ronsih,
  Why do you prefer two firewalls? Does that mean are you not confident 
enough with the first firewall capabilities!!

-Ravi

Ronish Mehta wrote:
> Hi List,
>
> I have a network setup with 2 firewalls
>
> There is a DMZ on the Internet facing firewall
>
> The servers on this DMZ contains servers that host
> both "http" and "https" pages
>
> There are no DMZ on the second firewall
>
> > From what I understand, this setup is not providing
> defense in depth, at least not full defense in depth
>
> I wanted to create a DMZ on the second firewall, and
> move servers that host "HTTPS" pages to this new DMZ
>
> Would this new setup improve the security of the
> network?
>
> Thanks for comments,
>
> Ronish
>
>
>       
>               
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - You care about security. So do we.
> http://promotions.yahoo.com/new_mail

Attachment: smime.p7s
Description: