Security Basics mailing list archives
Firewall and VLAN security design
From: Ahmed Ameen <ahmedameen () gmail com>
Date: Sun, 31 Oct 2004 02:45:44 +0200
Hi All,
Currently we are redesigning our LAN to include a DMZ zone, and we
need to reach the best security design.
The available equipment is:
1-PIX with 3 NICs
2-L3 Switch
3-N-IDS
My preliminary design is as follows:

Internet
   |
   |
--------
|PIX   |____DMZ
|      |
--------
   |
   |
  LAN

Internet
   |
   |
--------
|NIDS  |____DMZ
|      |
--------
   |
   |
  LAN

Internet VLAN1
     |
     |
-----------
|L3 Switch|____DMZ VLAN2
|         |
-----------
     |
     |
 LAN VLAN3

My Questions would be:
Is it OK to use a multi-homed firewall, or should I consider 2
physical firewalls? What would be the threat of using one?
Is VLAN segmentation enough to segment between the Internet, DMZ and
the internal network, or should I also use different switches for
each, and be connected through the firewall?
Thanks
