I don't like the fact that traffic destined for inside has to pass through
all the other layers first (and could be sniffed by a compromise on any of
the levels). Granted, in the horizontal model all traffic passes through
the central firewall, but a compromise there is less likely because it's
only one box and you can devote more time to securing it.

my 2 cents,
--
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376

On Fri, 14 Jul 2000, Rick Francis wrote:
> sort of:
>
> internet
> class c/24
> router
> class c/24
> firewall
> class c/24
> firewall
> class c/24
> firewall
> class c/24
> router
> class c/24
> intranet
>
> rf
> ----- Original Message -----
> From: Jack Coates <[EMAIL PROTECTED]>
> To: Rick Francis <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, July 14, 2000 11:29 PM
> Subject: Re: [FW1] multi layer defence strategy
>
>
> > I'm not sure I follow - is this what you're saying?
> >
> > outside
> > -------
> > router
> > ------
> > 192.168.1.0/24
> > ------
> > router
> > ------
> > 192.168.2.0/24
> > ----- and so forth?
> >
> > well, you could get high latency going from one side of it to the
> > other. Especially if these are firewalls, depending on policy and machine
> > speed and amount of traffic &c.
> >
> > --
> > Jack Coates, Rainfinity SE
> > t: 650-962-5301 m: 650-280-4376
> >
> >
> > On Fri, 14 Jul 2000, Rick Francis wrote:
> >
> > >
> > > what are the (dis)advantages of assigning different class-c network
> > > addresses on each side of four layered routers, whose interiors support
> > > things like dmz servers, web servers, applications servers, database
> > > servers? (aside from the waste of numbers.)
> > >
> > > doesn't it improve performance/speed? better/more difficult security
> > > paradigm? thoughts//
> > >
> > > rf
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================