On Tue, Nov 07, 2000 at 10:20:05AM -0800, [EMAIL PROTECTED] wrote:
> > Should I set up two internal private subnets (one for the ftp/www),
> > and one for the other computers? What kind of communication should I allow
> > between them, in case the www/ftp box gets broken? Is that the way to go?
[...]
> I don't see any benefit in having two subnets, if your FW gets broken into
> then your whole network is in trouble anyway.

I think he means something like that:
- if you have two internal networks X and Y
- hosts x1, x2, ..., xn are connected only to network X
- hosts y1, y2, ..., ym are connected only to network Y
- host r is connected to both X and Y

And box xi is broken into, the attackers still don't have direct access to
network Y. This is particularly true if boxen x* and y* run some lame OS (as
opposed to boxes r and the firewall).

And remember that one can crack a box in numerous ways (e.g. virii).

regards

Marcin

-- 
+--------------------------------+ The reason we come up with new versions
|Marcin Owsiany                  | is not to fix bugs. It's the stupidest
|[EMAIL PROTECTED]| reason to buy a new version
+--------------------------------+ I ever heard. - Bill Gates

