gossamer axe wrote:
I had read an article a while back which claimed that inside of a network
(that's already firewalled) each machine should also be firewalled.
So, my firewall/gateway runs in front of say 5 other computers. These
machines inside the network do various things, mp3 server, file server
etc... What would be the advantage of setting up separate firewalls on each
of these 5 machines? Basically I ssh into these (monitorless) machines from
either inside the network or from my server (ssh'd in from work). I turn off
any unused services like telnet, ftp in inetd.conf.
thanks!
I think the recommendation is for a larger environment. A simple example
is to have a DMZ for front end web servers, a Backend network for
databases and application servers, and a management LAN. The diagram
below shows how you would isolate traffic to the backend servers with
firewalls. The different firewalls would be implemented with least
privileged access requirements.
                                         ----------------
Internet------*DMZ*   *BackNet*----------|DB/App Servers|
|               |         |              ----------------
|               |         |                      |
|         -------------------                    |
|         |Front End Servers|-----------\        |
|         -------------------           |        |
|                                       |        |
\------------------------------------*ManLan*----/
                                        |
                                        |
                              ---------------------
                              |SysAdm Workstations|
                              ---------------------
--
"You can observe a lot just by watching."
--Yogi Berra