>I must say that I agree with the idea of not implementing your firewall on
>the same OS you are looking to protect. We are an NT shop but our dual
>firewall structure is based on separate firewall products and separate OSs.

The assumption here is that the box running the firewall software appears
the same to the hacker as a box not running the firewall software, assuming
that you're using the same OS on both boxes. I think that assumption may
not be quite correct.

I lean more towards keeping the same OS on both boxes to minimize the system
management requirements, but keeping the firewall in a separate "security
space". In the case of NT, this means keeping it in a separate domain with
a one-way trust relationship, or running it as a standalone server.

Brian Steele
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]