Hi Bernd,
At 06:44 31/08/00 +0200, Bernd Eckenfels wrote:
> > The old principle still holds: you're as weak as your
> > weakest element.
>
>Nope, thats not quite true. If you have 3 firewalls between two zones, then
>of course the security is as weak as the strongest firewall, not as the
>weakest. Just imagine to cut the wire at firewall 2... neighter firewall 1
>nor firewall 3 can make it insecure... of course this is only true as long
>as your firewalls dont trust each other.
if you cut the wire at firewall 2, then
- concerning your internal network, you are implementing a _single_ line of
defense,
and none of your link is weak.
- concerning the external firewall, it will be as weak as it is. if you
don't mind someone
having root access to this machine, then you probably don't need it.
anyway, I agree that this is only a "principle" and should not be
considered more than what it is.
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
