On Sat, May 10, 2003 at 08:32:17AM -0700, Timothy Webster wrote:
> On Sat, May 10, 2003 08:50:23 -0600, Jamin W. Collins wrote:
> > On Sat, May 10, 2003 at 03:23:13PM +1000, Matthew Palmer wrote:
> >
> > > All I'm saying is that servers on the regular internal network,
> > > secured by a serviceless firewall, are still better than
> > > externally accessible services on the firewall itself. I hope
> > > you'll agree with that.
> >
> > I still disagree.
>
> Make that definitely disagree!
>
> Remember a firewall does not need to be just one machine. It can be
> modularized across several machines. So in that case you are
> definitely wrong.
>
> You are under the assumption that the attacker is going to break your
> firewall through the services provided on it. But remember you have
> not gained anything if the attacker breaks an internal host instead.
> Unless that internal host is in a protected subnetwork ("dmz"), which
> is also known as the service layer of a network-service-network
> firewall sandwich.

Exactly! Thank you.

-- 
Jamin W. Collins

