JD Runyan wrote:
> gossamer axe wrote:
>> I had read an article a while back which claimed that inside of a
>> network (that's already firewalled) each machine should also be
>> firewalled.
>> So, my firewall/gateway runs in front of say 5 other computers. These
>> machines inside the network do various things, mp3 server, file
>> server etc... What would be the advantage of setting up separate
>> firewalls on each of these 5 machines? Basically I ssh into these
>> (monitorless) machines from either inside the network or from my
>> server (ssh'd in from work). I turn off any unused services like
>> telnet, ftp in inetd.conf.
>> thanks!
>
> I think the recommendation is for a larger environment. A simple
> example is to have a DMZ for front end web servers, a Backend network
> for databases and application servers, and a management LAN. The
> diagram below shows how you would isolate traffic to the backend
> servers with firewalls. The different firewalls would be implemented
> with least privileged access requirements.
>
>                                                        ----------------
> Internet------*DMZ*                 *BackNet*----------|DB/App Servers|
>               |   |                 |                  ----------------
>               |   |                 |                          |
>               |   -------------------                          |
>               |   |Front End Servers|-----------\              |
>               |   -------------------           |              |
>               |                                 |              |
>               \------------------------------------*ManLan*----/
>                                                       |
>                                                       |
>                                             ---------------------
>                                             |SysAdm Workstations|
>                                             ---------------------

Wasn't there a recent discussion here claiming that firewalls are now
antiquated by something fairly new?
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
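
Added example, not part of the original thread: a sketch of what a per-host firewall adds behind the network firewalls in the diagram. It emits a default-deny ruleset in iptables-restore format for a front end or backend server; the subnets, the role names and the database port are constructed values, not taken from the posts.

```shell
#!/bin/sh
# Added example: default-deny host ruleset for one tier of the diagram.
# All subnets and ports below are constructed values for illustration.
MANLAN_NET="10.0.30.0/24"    # assumed management LAN (SysAdm workstations)
FRONTEND_NET="10.0.10.0/24"  # assumed front end server subnet

# host_rules ROLE -> prints an iptables-restore ruleset; returns 1 on unknown role.
host_rules() {
    role=$1
    case "$role" in
        frontend) svc_src="0.0.0.0/0";     svc_ports="80 443" ;;  # reached through the DMZ firewall
        backend)  svc_src="$FRONTEND_NET"; svc_ports="5432" ;;    # assumed DB port, front end tier only
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # anything not listed below is dropped
    echo ":FORWARD DROP [0:0]"    # a server does not route for others
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Administration only from the management LAN, never from a peer tier.
    echo "-A INPUT -p tcp -s $MANLAN_NET --dport 22 -j ACCEPT"
    for port in $svc_ports; do
        echo "-A INPUT -p tcp -s $svc_src --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# allows RULESET SRC PORT -> exit 0 if the ruleset accepts that exact source/port.
allows() {
    printf '%s\n' "$1" | grep -qxF -- "-A INPUT -p tcp -s $2 --dport $3 -j ACCEPT"
}

# Stand-alone use: sh hostfw.sh backend | iptables-restore   (as root)
if [ $# -gt 0 ]; then host_rules "$1"; fi
```

With this on the backend host, a front end server that passes the BackNet firewall can still only reach the database port; SSH is accepted from the management LAN alone.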