Re: basic question about firewall usage
On Sat, May 10, 2003 at 08:32:17AM -0700, Timothy Webster wrote:
> On Sat, May 10, 2003 08:50:23 -0600, Jamin W. Collins wrote:
> > On Sat, May 10, 2003 at 03:23:13PM +1000, Matthew Palmer wrote:
> > > All I'm saying is that servers on the regular internal network,
> > > secured by a serviceless firewall, are still better than
> > > externally accessible services on the firewall itself. I hope
> > > you'll agree with that.
> > I still disagree.
> Make that definitely disagree!
> Remember a firewall does not need to be just one machine. It can be
> modularize across several machines. So in that case you are
> definitely wrong.
> You are under the assumption. That the attacker is going to break your
> firewall through the services provided on it. But remember you have
> not gained anything if the attacker breaks an internal host instead.
> "Unless that internal host is in a protected subnetwork. "dmz" Which
> is also know as the service layer of a network-service-network
> firewall sandwich.
Exactly! Thank you.
Jamin W. Collins