hi all,
IMHO defence should be subdivided like the layers of an
onion.. therefore when it comes to the DMZ or moat, whatever you
want to call it, the more encumbrances that you put in place to
discourage free rein of packets, the better security you will have,
as well as a clearer policy to maintain. packet filters
are excellent separators, ramped up with a full-blown firewall
sandwiched, as it were, by the packet filters. the idea of a proxy
as a go-between with intensive monitoring of what occurs inside
the no man's land also feels good.. maybe too good;-) NAT/Masquerading
seems to me the way to go on the inner PF if at all possible.
for most businesses this will be sufficient. i also enjoy double
NATing between each subnet .. but realize that this can be
difficult for 'others' to maintain/manage. encrypt everything between
systems.. at least if possible.
seems that i suppose i will need to get out more;-)
this has been an enjoyable convo..
Regards,
[EMAIL PROTECTED]
Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.