> > All I'm saying is that servers on the regular internal network,
> > secured by a serviceless firewall, are still better than externally
> > accessible services on the firewall itself. I hope you'll agree with
> > that.
>
> I still disagree.

Make that definitely disagree! Remember, a firewall does not need to be just one machine. It can be modularized across several machines. So in that case you are definitely wrong. You are under the assumption that the attacker is going to break your firewall through the services provided on it. But remember, you have not gained anything if the attacker breaks an internal host instead, unless that internal host is in a protected subnetwork ("dmz"), which is also known as the service layer of a network-service-network firewall sandwich.

-tim.

