[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: basic question about firewall usage

On Sat, May 10, 2003 at 08:32:17AM -0700, Timothy Webster wrote:
> On Sat, May 10, 2003 08:50:23 -0600, Jamin W. Collins wrote:
> > On Sat, May 10, 2003 at 03:23:13PM +1000, Matthew Palmer wrote:
> 
> > > All I'm saying is that servers on the regular internal network,
> > > secured by a serviceless firewall, are still better than
> > > externally accessible services on the firewall itself.  I hope
> > > you'll agree with that.
> > 
> > I still disagree.
> 
> Make that definitely disagree!
> 
> Remember a firewall does not need to be just one machine. It can be
> modularize across several machines.  So in that case you are
> definitely wrong. 
> 
> You are under the assumption. That the attacker is going to break your
> firewall through the services provided on it. But remember you have
> not gained anything if the attacker breaks an internal host instead.
> "Unless that internal host is in a protected subnetwork. "dmz" Which
> is also know as the service layer of a network-service-network
> firewall sandwich.

Exactly!  Thank you.

-- 
Jamin W. Collins
Reply to: