No IP doesn't mean you can't manage the device remotely; what about a
terminal server with a console connection?

Sorry just my 2p worth




                                                                                       
                                   
Clifford Thurber <cthurber@edisonschools.com>
Sent by: firewalls-admin@lists.gnac.net
12/04/2002 15:06

To: Diederik Schouten <[EMAIL PROTECTED]>, "Georges J. JAHCHAN P. Eng." <[EMAIL PROTECTED]>
cc: Firewalls List <[EMAIL PROTECTED]>
Subject: Re: Bridging vs. Routing Firewalls.
                                   
                                                                                       
                                   
                                                                                       
                                   




How about the practicality of managing one of these from thousands of miles
away? No IP means that someone needs to be in physical proximity.

At 11:09 AM 4/12/2002 +0200, Diederik Schouten wrote:
>Bridging vs Routing firewalls...
>
>
>The main strength of a bridged firewall to me is the fact that it only
>exists virtually on the network.
>How to attack a firewall that you cannot address directly?
>Even when you are connected to the same network/switch you will not be
>able to find the firewall, unless you know what you are
>looking for.
>
>Implementation wise a bridging/routing firewall offers you a few
>advantages over a routed one.
>
>1. when you have to add the firewall to an already existing network, you
>do not need to reconfigure any other device on the
>network, your addressing schemes and routing stays exactly the same, the
>only downtime you will have is due to the fact that
>you have to connect the cables. (and even that can be solved by using
>VLANs on your switches and just swapping the upstream
>router's interface into a separate VLAN together with the downstream
>interface of the firewall.)
>
>- Since you do not need to change your routing topology you do not need to
>create more transit subnets, and thus you save IP
>addresses.
>- When changing routing topologies often many devices will have to have
>their configuration changed. With a bridged firewall
>this is not needed.
>
>2. Putting multiple firewalls in series to create for example more ports
>becomes very easy, although for example with the
>Lucent BRICK this is not necessary since it supports VLAN tagging and with a
>VLAN capable switch you can create virtually any
>number of "virtual" firewalls you might need, and give them all their own
>ruleset.
>No need for recabling and expensive upgrades.
>
>3. In general purpose-built devices are less vulnerable, a purpose-built
>firewall does not depend on the operating system of
>the router/platform it is running at, lowering the chance of being
>penetrated due to bugs in code other than for the firewall.
>(as Nokia, Checkpoint, Cisco etc.)
>
>4. When both your routing services and firewall services are based on one
>device, then every time you need to make changes to
>the routing you will probably also have to change your firewall
>configuration, creating more downtime.
>
>Of course not all bridging firewalls are the same, my only bridging
>firewall experience is with the Lucent Managed Firewall or
>BRICK which does both bridging and routing at the same time if needed, and
>therefore can be easily deployed in any situation, I
>have not come across a setup that I could not realise.
>
>Greetings,
>
>         Diederik Schouten
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>http://lists.gnac.net/mailman/listinfo/firewalls
