A firewall is meant as an ADDITION to your router. Not to supliment it in
any way. When you put your router on the outside you want it as secure as
you can(it can be compromised and it is expected to be compromised) a
casulty of war you can call it. That is where the firewall comes in. It is
your 2nd layer of defense, and should be placed on a 2ndary machine BEHIND
the router to offer more security. This will allow you to harden the OS of
the firewall and the firewall itself with more security features and options
that you can enable or disable at your leasure(sp).
If you impliment both on one device the likelyhood of one being
compromised(your router more than likely) and the other also goes up
exponentially. That is why experts, security consultants, us here on this
group recomend putting the router->firewall->network in that setup and not
having one machine do double duty.
>From: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: issue with Nokia firewall / router...
>Date: Tue, 8 Aug 2000 09:27:22 -0400
>
>I agree that it is not the optimum configuration for performance reasons,
>nor that a properly configured router cannot add to the security of a
>network (in the same way that two firewalls are more secure than one). But
>how, exactly, do you see this as a major security issue, with a properly
>configured firewall?
>
>J Weismann wrote:
>
>this is not a good idea from any point of view. It is a major security
>issue
>in and of itself. A good place to deploy checkpoint would always be BEHIND
>
>your only router. It develops another layer of security ( a fence if you
>will) to help keep those nasty ole baddies out...
>
>
>
> >From: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: issue with Nokia firewall / router...
> >Date: Tue, 8 Aug 2000 10:06:18 +0100
> >
> >Hi,
> >
> >Is there any underlying issues with running Checkpoint Firewall-1 on a
> >Nokia IP330 which is also running as the only router to the internet?
> >
> >I understand that performance maybe impaired as its running as a router
>and
> >a firewall at the same time, yet do you know of any security issues?
> >
> >Simon
>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
