G'day...        

Don't forget that a DMZ does not require two firewalls - just two different segments running off one firewall. A two firewall setup is used when being ultra-paranoid. Two different firewalls are to be used, which means if one is exploited using cracker-technique-x it means that it is unlikely that cracker-technique-x will also be able to exploit the second firewall.

As I said - it's when the resources can be afforded and when you're being ultra-paranoid - which such a bad thing at the best of times.

Warmest regards

Mike
---
Michael S. E. Kraus
Network Administrator
Capital Holdings Group (NSW) Pty Ltd
p: (02) 9955 8000
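
The single-firewall, two-segment DMZ described in the message above, written out as a forwarding policy with a check that separation holds. This is an added example, not part of the original thread; the segment names, ports and rule format are assumptions, and replies to accepted connections are assumed to be handled by stateful tracking.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # segment a new connection starts in
    dst: str              # segment it is headed for
    port: Optional[int]   # destination TCP port; None matches any port
    action: str           # "accept" or "drop"

# Constructed forward policy for one firewall with three segments.
# Segment names and ports are assumptions made for this example.
POLICY = [
    Rule("internet", "dmz", 80, "accept"),    # public web server
    Rule("internet", "dmz", 25, "accept"),    # public mail server
    Rule("lan", "dmz", None, "accept"),
    Rule("lan", "internet", None, "accept"),
    Rule("dmz", "internet", 25, "accept"),    # outbound mail relay
]

def decide(policy, src, dst, port):
    """First matching rule wins; unmatched new connections are dropped."""
    for rule in policy:
        if (rule.src, rule.dst) == (src, dst) and rule.port in (None, port):
            return rule.action
    return "drop"

def audit(policy, published):
    """List the ways the effective policy breaks DMZ separation."""
    findings = set()
    for port in range(1, 65536):
        for src in ("internet", "dmz"):
            if decide(policy, src, "lan", port) == "accept":
                findings.add(f"{src} can open connections into lan")
        if port not in published and decide(policy, "internet", "dmz", port) == "accept":
            findings.add(f"internet reaches unpublished dmz port {port}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(POLICY, {25, 80}) or "DMZ separation holds")
    weak = POLICY + [Rule("dmz", "lan", 3306, "accept")]  # constructed mistake
    print(audit(weak, {25, 80}))
```

Because `audit` tests the effective decision for every port instead of reading rules one by one, an accept rule that is shadowed by an earlier drop is not reported.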



Phil Scarratt <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
25/06/2003 09:02 PM

To: Mz <[EMAIL PROTECTED]>, SLUG <[EMAIL PROTECTED]>
cc:
Subject: Re: [SLUG] Network Problem



In some circumstances agreed. There are lots of arguments for a DMZ
however. Do a quick google for DMZ (or de-militarized zone) and you will
come up with a stack of hits on DMZ's and their use. I think the basic
theory is that the public side firewall is more open than the internal
side firewall - hence a hacker needs to get past 2 firewalls before
being able to do something.



Mz wrote:
> 2 Firewalls?
>
> that's insane!
>
> it means the first firewall is not configured properly,
>
> martin
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Phil Scarratt
> Sent: Wednesday, 25 June 2003 3:24 PM
> To: moise lim
> Cc: Sydney LUG
> Subject: Re: [SLUG] Network Problem
>
>
> Yes, a DMZ is setup in such a way:
>
> ------------
> Internet
> ------------
>       |
> ------------
> Firewall
> ------------
>       |
> ------------
> Servers for
> public use
> eg Web, mail
> etc
> ------------
>       |
> ------------
> Firewall
> ------------
>       |
> ------------
> Internal lan
> ------------
>
> Of course, depending on your purposes and resources this may be over the
> top.
>
> Fil
>
> moise lim wrote:
>
>>On Wednesday 25 June 2003 11:07 am, El 4Love wrote:
>>
>>
>>>i was only involved in programming  on machines setup by administrators
>>>all this while and now only I managed to setup my own network at home.
>>>
>>>I am certainly not aware of many of the security related issues. I would
>>>appreciate if someone could let me know how bad the security is in my
>>>network, and suggestions to rectify it.
>>
>>
>>well... i m no expert on network security and i can only go by what i have
>>come across in my readings ...
>>
>>my understanding is that a more secure setup is probably
>>
>>                                           --------
>>                                           Internet
>>                                           --------
>>                                              /
>>                                              /
>>                                           -------
>>                                           ADSL
>>                                           -------
>>                                              /
>>                                              /
>>                                           ---------
>>                                           Web svr
>>                                           ---------
>>                                              /
>>                                              /
>>                                           ---------
>>                                           Firewall
>>                                           ---------
>>                                              /
>>                                              /
>>                                           --------------
>>                                           My Network
>>                                           --------------

>>
>>as i do not have a publicly accessed web svr myself .. i am simply guessing at
>>the above topology ... and i m happy to be corrected by those more familiar
>>with such matters :)
>>
>>i have seen previously from one of the other postings where a firewall was
>>installed between the ADSL and Web Svr as well
>
>
>
> --
> Phil Scarratt
> Draxsen Technologies
> IT Contractor/Consultant
> 0403 53 12 71
>
> --
> SLUG - Sydney Linux User's Group - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
>


--
Phil Scarratt
Draxsen Technologies
IT Contractor/Consultant
0403 53 12 71

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

