hey, thanks for the reply.
there are no VPNs in my scenario, however.  it's all frame pvcs that use the
same physical circuit as the internet connection (also a pvc).  the main
prob is that anyone who compromises the access router can get to the WAN and
bypass any firewall.  dunno, i think it's just a flaw with using an internet
pvc on the same circuit as your WAN.
another option i thought of is to use a "router" that can firewall, like a
nokia w/ a v.35 connection or a cisco 2610 using the cisco firewall feature
set.  at least that way, you'd have some extra security.

-----Original Message-----
From: Marc Renner [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 11:05 AM
To: [EMAIL PROTECTED]
Subject: Re: FW and Internet frame relay pvc


Hi Zach,

Here is how you want it to look. Never have a connection (either direct or
indirect) from a publicly accessible router to your internal lan. Next you
want to configure your VPN links between your remote locations. Depending on
your security model, these connections can be implemented from either your
internal (trusted, point to point circuits) router(s), or your external
(untrusted, circuits) router(s).

  FRAME
  CLOUD
    |
   T1
    |
  router (external)
    |       
  FW
   |
router   (internal)
   |
 LAN (switch)


cheers..

Marc..

+++++++++++++++++++++++
Marc Renner - Director         http://ci.marysville.wa.us
Network Operations Dept.    Mailto:[EMAIL PROTECTED]
City of Marysville, Wa.          (360) 651-5000
ISSA Member # 10281         http://www.issa.org
+++++++++++++++++++++++

>>> "Heeter, Zachary R" <[EMAIL PROTECTED]> 05/21 7:58 AM >>>
Hi all,

  
  FRAME
  CLOUD
    |
   T1
    |
  router---FW
    |          |
  LAN-----switch

some problems with this little scenario are that you are totally relying on
routing and that router to provide security, if the router goes, someone can
eliminate traffic through the FW.
anyone have any other workable solutions that have been implemented, not
just a dream like my above scenario?  just looking for some expertise on
something i know lots of people run into.

Thanks,
Zach
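
The layouts discussed in this thread can be checked mechanically for a firewall bypass. The following is an added example, not part of the original messages: it models each diagram as a graph and searches for a route that avoids the firewall. The node names and the `wan_sites` node (standing for the remote sites reached over the WAN PVCs on the shared circuit) are assumptions made for illustration.

```python
from collections import deque

def bypass_path(links, src, dst, firewall):
    """Return a path from src to dst that avoids `firewall`, or None.

    None means the firewall is a true choke point: every route
    between the two nodes has to cross it.
    """
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:      # walk back to the source
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt != firewall and nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

# Layout from the original question: the router has one leg to the FW
# and one leg straight to the LAN.
ORIGINAL = [("cloud", "router"), ("router", "fw"), ("router", "lan"),
            ("fw", "switch"), ("lan", "switch")]

# Layout from the reply: external router, FW and internal router in series.
INLINE = [("cloud", "ext_router"), ("ext_router", "fw"),
          ("fw", "int_router"), ("int_router", "lan")]

# Assumption: the WAN PVCs share the circuit and terminate on the
# external router, as described in the follow-up message.
SHARED_CIRCUIT = INLINE + [("ext_router", "wan_sites")]

if __name__ == "__main__":
    cases = [("original", ORIGINAL, "lan"), ("inline", INLINE, "lan"),
             ("shared circuit", SHARED_CIRCUIT, "wan_sites")]
    for name, links, dst in cases:
        print(name, "->", dst, ":", bypass_path(links, "cloud", dst, "fw"))
```
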


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]