On 06/07/03 22:31 +0530, Vinu Moses wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sunday 06 July 2003 09:19 pm, Devdas Bhagat wrote:
> > On 06/07/03 18:12 +0530, Vinu Moses wrote:
> > > We plan to implement a firewall / gateway for our server room such
> > > that all servers are on a separate network and behind a firewall /
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That usually implies a DMZ.

> > > gateway. External access to the servers will be only through the
> > > firewall / gateway.
> >
> > I assume that this is a standard three legged firewall with Internal,
> > DMZ and External interfaces.
>
> There'll be no DMZ... this is an intranet, with authenticated dial-up
> from homes also enabled, so that patient information can also be viewed
> by doctors from their homes. Dial-up access is only through our own
> telephone exchange and not via PSTN lines. There is no physical
> connection between the network and the internet.

Good. That should make your task a lot easier.
Given a situation like this, what functionality are you looking for from
your firewall? What threats is it supposed to defend against?
Since valid users will have access to the data, and you aren't looking
at J Random attacker probing various ports and trying to get direct
access to the database.

Having that information will help in recommending solutions.

Devdas Bhagat
