Almost all of the firewall designs I've read about focus on enterprise networks, which usually include the internal, corporate network, and a DMZ for external services. Unfortunately, for an ISP, this isn't entirely adequate, since almost all services are external and so almost all hosts are in the DMZ, and then there are customer connections themselves.
Of course the office network itself is behind a second firewall, and for expedience and address savings NAT'd. The service hosts themselves, the web, mail, and name servers are reasonably protected. But what sort of policy should one have for customer connections, like dial-up, co-lo, and WAN customers? Certainly, for some customers, we offer extended security management. But should I apply any stricter filters for other customers, aside from the usual things like egress filtering, ICMP rate filtering, etc.?

Wil

--
W. Reilly Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
irc.linux.com #orlug,#pdxlug,#lnxs
When I hear a man applauded by the mob I always feel a pang of pity for him. All he has to do to be hissed is to live long enough. -- H.L. Mencken, "Minority Report"
