All of your options are being pointed out, but some not as clearly as
others.  Maybe I can clarify.

Option 1: 1 Firewall w/ 3 interfaces, intf1 - Internet, intf2 - DMZ, intf3 -
LAN
Although this is probably the most common implementation of a firewall
solution, it's certainly not the most secure.  The main problem is that one
firewall provides a single point of entry for attackers.  Should an attacker
manage to infiltrate the DMZ, the likelihood they'll be able to infiltrate
the local network is higher.

Option 2: 2 Firewalls.  The configuration would look something like this:

{router}--->Firewall(A)<--|-->Firewall(B)---->[LAN]
                          |
                          |
                          |
                        {DMZ}

This configuration is widely used, but not used enough.  It provides better
security against attackers, and as you can see, there's no single point of
entry to your local network.  Obviously you would open specific ports for
access to systems in the DMZ, mail, web, ftp, etc.  But you would block all
access to your local network.

There are, of course, other options, but these are certainly the most
common implementations.

Hope this helps.

Michael White
Manager, IT
LMS CADSI


-----Original Message-----
From: Derrenbacker, L. Jonathan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 1:41 PM
To: '[EMAIL PROTECTED]'
Subject: DMZ - 2 firewalls, or 1 firewall + 1 router


I heard that you can make a DMZ with a router and a firewall. Is that a good
way to make a DMZ, or should you use 2 firewalls?

Thanks in advance.
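
An added example, not part of the original thread: a Python model of the two options in the reply that checks, for each layout, whether one firewall failing alone lets an Internet host open a connection to the LAN. Zone names, rule sets and port numbers are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str             # source zone, or "any"
    dst: str             # destination zone, or "any"
    port: Optional[int]  # None matches every port
    allow: bool

# Firewalls a new connection crosses, keyed by (source zone, destination zone).
OPTION1_PATHS = {("internet", "dmz"): ["FW"], ("internet", "lan"): ["FW"]}
OPTION2_PATHS = {("internet", "dmz"): ["A"], ("internet", "lan"): ["A", "B"]}

# Constructed rule sets: mail, web and ftp open to the DMZ, nothing to the LAN.
DMZ_SERVICES = [Rule("internet", "dmz", p, True) for p in (25, 80, 21)]
BLOCK_LAN = Rule("any", "lan", None, False)
OPTION1_RULES = {"FW": DMZ_SERVICES + [BLOCK_LAN]}
OPTION2_RULES = {"A": DMZ_SERVICES + [BLOCK_LAN], "B": [BLOCK_LAN]}

def fw_allows(rules, src, dst, port):
    """First matching rule wins; no match means default deny."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, None):
            return r.allow
    return False

def permitted(paths, rules, src, dst, port, failed=()):
    """True if every firewall on the path passes the flow.
    A firewall named in `failed` is modelled as passing everything."""
    return all(fw in failed or fw_allows(rules[fw], src, dst, port)
               for fw in paths[(src, dst)])

def single_points_of_entry(paths, rules, port=445):
    """Firewalls whose failure alone opens Internet -> LAN (port is a sample)."""
    return sorted(fw for fw in rules
                  if permitted(paths, rules, "internet", "lan", port, failed=(fw,)))

if __name__ == "__main__":
    print("Option 1:", single_points_of_entry(OPTION1_PATHS, OPTION1_RULES))
    print("Option 2:", single_points_of_entry(OPTION2_PATHS, OPTION2_RULES))
```

The model only covers connections initiated from the Internet; it does not represent a host inside the DMZ that is already under an attacker's control.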
