Just to remove this topic from that other thread about PIX clones, Patrick R. brought up some good points in one of his posts.
Security design (which is apparently NOT what Cisco teaches or tests in their security programs) is a lot more than just closing ports and doing NAT. Many organizations have reason to segregate various parts of their network from each other. Financial institutions, medical organizations, insurance companies, any operation that has information that is "need to know" has reason to set up multiple security zones. We cover some of this thinking when we talk about access-lists. Modern multiport firewalls take this to its logical extreme in their design and philosophy.

For example, given a County School Board, which has an internet connection and permits multiple school districts to share that internet connection through a WAN: is it reasonable or rational, let alone good security practice, to consider a two-port firewall as adequate protection? (Three-port if there is a DMZ for, say, school web sites.) How about a brokerage firm, where there are supposed to be "Chinese walls" between their sales, investment banking, and research operations? What about any company with payroll, human resources, sales, or "trade secret" operations such as manufacturing or patent development?

With everyone becoming interconnected, it is more important than ever to study security in terms of protecting assets, rather than filtering ports or addresses. Identification of those assets is an integral part of the process.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36677&t=36677
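To make the asset-based argument concrete, here is an added example (not part of the original post, and not any vendor's configuration) that models the school-board scenario in Python. It compares a classic two-port "inside/outside" filter with a zone policy that starts from the assets to be protected and permits only the flows each zone actually needs. All address ranges, zone names and sample flows are constructed for illustration; the public addresses are from the RFC 5737 documentation ranges.

```python
"""Zone-based (asset-centric) policy versus a two-port inside/outside filter.

Added example: all networks, zones and flows below are constructed and
hypothetical, chosen to mirror the county school board scenario in the post.
"""
import ipaddress
from typing import List, NamedTuple, Tuple


class Flow(NamedTuple):
    src: str
    dst: str
    port: int


# Hypothetical address plan: each district and the board's own finance
# segment is its own security zone, plus a DMZ for school web sites.
ZONES = {
    "district_a": ipaddress.ip_network("10.1.0.0/16"),
    "district_b": ipaddress.ip_network("10.2.0.0/16"),
    "board_finance": ipaddress.ip_network("10.100.0.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),  # RFC 5737 TEST-NET-1
}


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything not in the plan is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


# Asset-driven policy: only the inter-zone flows that were explicitly
# identified as needed are listed. Every other zone pair is denied.
ALLOWED = {
    ("district_a", "internet"): {80, 443},
    ("district_b", "internet"): {80, 443},
    ("board_finance", "internet"): {443},
    ("internet", "dmz"): {80, 443},
    ("district_a", "dmz"): {80, 443},
    ("district_b", "dmz"): {80, 443},
}


def zone_policy(flow: Flow) -> bool:
    """Multi-zone firewall: default deny between zones."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return True  # intra-zone traffic never crosses the firewall
    return flow.port in ALLOWED.get((src_zone, dst_zone), set())


def two_port_policy(flow: Flow) -> bool:
    """Two-port (three with DMZ) filter: block the internet except to the
    DMZ web ports, and treat every internal network as one trusted inside."""
    if zone_of(flow.src) == "internet":
        return zone_of(flow.dst) == "dmz" and flow.port in {80, 443}
    return True


# Constructed sample flows: district workstations, board finance server,
# a DMZ web server and two outside hosts.
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.100.0.10", 445),    # district A -> board finance SMB
    Flow("10.1.5.20", "10.2.7.7", 3389),      # district A -> district B RDP
    Flow("10.1.5.20", "198.51.100.9", 443),   # district A -> internet HTTPS
    Flow("203.0.113.4", "192.0.2.10", 80),    # internet -> DMZ web site
    Flow("203.0.113.4", "10.100.0.10", 445),  # internet -> board finance SMB
    Flow("10.100.0.10", "198.51.100.9", 80),  # board finance -> internet HTTP
]


def hidden_by_two_port(flows: List[Flow]) -> List[Flow]:
    """Flows the two-port filter allows but the zone policy denies: these are
    exactly the internal, asset-to-asset paths a perimeter-only design never
    examines."""
    return [f for f in flows if two_port_policy(f) and not zone_policy(f)]


def compare(flows: List[Flow]) -> List[Tuple[Flow, bool, bool]]:
    """Side-by-side verdicts (flow, two-port allows, zone policy allows)."""
    return [(f, two_port_policy(f), zone_policy(f)) for f in flows]


if __name__ == "__main__":
    for flow, two_port, zoned in compare(SAMPLE_FLOWS):
        print(f"{zone_of(flow.src):>14} -> {zone_of(flow.dst):<14} "
              f"port {flow.port:<5} two-port={two_port!s:<5} zones={zoned}")
    print(f"{len(hidden_by_two_port(SAMPLE_FLOWS))} flows pass the perimeter "
          "filter but violate the asset-based policy")
```

The point the model makes is the one the post argues: both designs agree on what the internet may reach, but only the zone policy says anything about district A reaching district B or the board's finance segment, because those flows were never identified as needed. Swapping in real zone boundaries and an inventory of which assets each zone must talk to is the "identification of assets" step; the policy table is what falls out of it.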

