It's the same concept as layered pastries. You take your firewall, roll it,
fold it, roll it again, and then smother it in rich, creamery butter...
Mmmmm. Butter.

Or, a much more boring definition is a situation where you might have a
packet screening router at the edge, then a DMZ, then an application proxy
firewall, then a services zone which contains general user PCs or something,
then a custom written front end to a database farm in a secure subnet. Or
something.

I think the conventional wisdom is to mix platforms, firewalling types,
hardware / software solutions etc. The idea is not only to give yourself
more cover, but also to avoid a situation where multiple firewalls might be
vulnerable to a shared vulnerability (five BSD firewalls are no good if the
same TCP/IP stack implementation bug works on all of them).

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct: +61 8 8422 8319 Mobile: +61 414 411 520
> -----Original Message-----
> From: Magowan, Richard M. (ITS) [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 22, 1999 6:37 AM
> To: '[EMAIL PROTECTED]'
> Subject: Layered Firewalls
>
>
> Hi All,
> Recently someone put a bug in management's ear here regarding "layered"
> firewalls. I am not familiar with this term. Logically I think of a layered
> approach where say you might run a PIX Firewall to the ISP, maybe have a
> Checkpoint firewall in front of the PIX to do different filtering etc. Or am
> I completely wrong and does the term "layered firewall" define some firewall
> architecture I haven't heard of? Any advice/links are appreciated. Thanks.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
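
An added example, not part of the original thread: a Python check over a constructed inventory of firewall layers that reports components shared by every layer (the "five BSD firewalls" case in the reply above) and a rough effective depth. The layer names, attribute labels and the depth heuristic are assumptions made for illustration.

```python
# Added illustration: every layer name, attribute and value below is constructed.
ATTRIBUTES = ("os", "tcpip_stack", "filter_type")


def layer(name, os, tcpip_stack, filter_type):
    return {"name": name, "os": os, "tcpip_stack": tcpip_stack,
            "filter_type": filter_type}


# Five identical firewalls in series, as in the reply's counter-example.
FIVE_BSD = [layer(f"fw{i}", "bsd", "bsd-stack", "packet-filter")
            for i in range(1, 6)]

# Mixed platforms and firewalling types, edge to database front end.
MIXED = [
    layer("edge-router", "router-os", "router-stack", "packet-filter"),
    layer("proxy-fw", "bsd", "bsd-stack", "application-proxy"),
    layer("db-front-end", "unix-b", "unix-b-stack", "custom-application"),
]


def shared_components(path):
    """Map (attribute, value) -> layer names, for values used by 2+ layers."""
    seen = {}
    for lyr in path:
        for attr in ATTRIBUTES:
            seen.setdefault((attr, lyr[attr]), []).append(lyr["name"])
    return {key: names for key, names in seen.items() if len(names) > 1}


def common_to_all(path):
    """Components present in every layer: one flaw there affects all of them."""
    shared = shared_components(path)
    return sorted(k for k, names in shared.items() if len(names) == len(path))


def effective_depth(path):
    """Distinct values of the least-diverse attribute along the path.

    Heuristic (an assumption of this example): a flaw in one value defeats
    every layer using it, so this counts the independent flaws needed.
    """
    return min(len({lyr[attr] for lyr in path}) for attr in ATTRIBUTES)


if __name__ == "__main__":
    for label, path in (("five BSD firewalls", FIVE_BSD), ("mixed", MIXED)):
        print(label, "- layers:", len(path), "depth:", effective_depth(path))
        for attr, value in common_to_all(path):
            print("  shared by every layer:", attr, "=", value)
```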