Greetings!
Steven Pierce wrote:
> What kind of multiple lines of defense can someone use?? Does this
> mean more than one firewall or just many layers of security.??
What's the difference? Multiple lines means: different security layers
and thus for the whole gateway:
* more than one type of filter
* more than one OS
* more than one hardware
* more than one brand of each: filter/OS/hardware
This for example is a gateway architecture with quite enhanced security
- all machines dual-homed to prevent "shortcutting". The disadvantage is
having multiple single-points-of-failure and a more complicated setup in
here...
0.) internet
1.) router with restrictive (static) ACLs
2.) packet-based firewall (e.g. BSD IPFilter or Firewall-1 with
security servers enabled)
3.) application bastion, e.g. a virus scanning server acting as HTTP
proxy and SMTP relay
4.) application based gateway (e.g. Axent Raptor or Gauntlet)
5.) router with restrictive (static) ACLs
6.) internal communication servers (e.g. SMTP service and HTTP proxy)
x.) internal network
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
--------------------------------------------
Sr. Security Engineer Tel. +49-69-92901-570
--------------------------------------------
Global One
Global Security
Global Service Engineering
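
Added example, not part of the original message: a small design-review check that applies the "more than one filter/OS/hardware/brand" criteria and the dual-homing requirement to a gateway chain. The Layer fields, the audit() helper and all inventory values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Layer:
    name: str
    filter_type: str      # e.g. "acl", "packet", "app-bastion", "app-gateway"
    os: str
    hardware: str
    brand: str
    interfaces: int = 2   # dual-homed unless stated otherwise

ATTRS = ("filter_type", "os", "hardware", "brand")

def audit(chain):
    """Return findings for a gateway chain ordered from internet to inside."""
    findings = []
    # A single value across all layers means one flaw defeats every layer.
    for attr in ATTRS:
        values = {getattr(layer, attr) for layer in chain}
        if len(values) < 2:
            findings.append(f"monoculture: every layer has {attr}={values.pop()}")
    # Neighbouring layers with the same OS and brand fail together.
    for a, b in zip(chain, chain[1:]):
        if (a.os, a.brand) == (b.os, b.brand):
            findings.append(f"no diversity between adjacent layers: {a.name} -> {b.name}")
    # A machine with fewer than two interfaces can be bypassed ("shortcutting").
    for layer in chain:
        if layer.interfaces < 2:
            findings.append(f"not dual-homed: {layer.name}")
    return findings

# Constructed inventories; OS, hardware and brand values are placeholders.
LAYERED = [
    Layer("outer router", "acl", "router-os-A", "hw-A", "vendor-A"),
    Layer("packet firewall", "packet", "bsd", "hw-B", "vendor-B"),
    Layer("application bastion", "app-bastion", "unix-C", "hw-C", "vendor-C"),
    Layer("application gateway", "app-gateway", "unix-D", "hw-B", "vendor-D"),
    Layer("inner router", "acl", "router-os-E", "hw-E", "vendor-E"),
]
SAME_BOX_TWICE = [
    Layer("firewall 1", "packet", "bsd", "hw-B", "vendor-B"),
    Layer("firewall 2", "packet", "bsd", "hw-B", "vendor-B", interfaces=1),
]

if __name__ == "__main__":
    for name, chain in (("layered", LAYERED), ("same box twice", SAME_BOX_TWICE)):
        print(name, audit(chain) or "no findings")
```
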