Firewall Wizards mailing list archives

RE: Per application port DMZ segments?


From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Tue, 18 Jan 2005 13:18:26 -0600

-----Original Message-----
From: Paul D. Robertson [mailto:paul () compuwar net]
Sent: Tuesday, January 18, 2005 13:03
To: Wes Noonan
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Per application port DMZ segments?

On Tue, 18 Jan 2005, Wes Noonan wrote:
2) The well known issue of VLANs and VLAN hopping

Implementation dependent.

[WJN] Cisco shop, so we all know they have been susceptible in the past...

4) The requirement for entirely too many IP subnets in the DMZ

Supernetting is your friend.

[WJN] Hadn't considered that (mostly because I don't want to consider
anything that enables this design), but that's a good idea if I get forced
down this path...


Hardening Network Infrastructure - A concise how to guide

Shoulda put it in the book ;)


[WJN] I did!!! Unfortunately, they want more than just my "expert" opinion!!
<g>

Thanks Paul.

Wes Noonan
mailinglists () wjnconsulting com  
http://www.wjnconsulting.com  
Hardening Network Infrastructure - A concise how to guide
Available Now!!
Order at http://tinyurl.com/5852c

which may have no basis whatsoever in
fact."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

