Date:      Sat, 24 Nov 2001 17:38:12 -0800 (PST)
From:      G Brehm <gbbrehm@yahoo.com>
To:        cjclark@alum.mit.edu
Cc:        security@FreeBSD.ORG
Subject:   Re: Best security topology for FreeBSD
Message-ID:  <20011125013812.9839.qmail@web10106.mail.yahoo.com>
In-Reply-To: <20011122031739.A226@gohan.cjclark.org>

> 
> It is sad to see this poor design,
> 
>      Internet
>         |
>         |
>       Firewall--"DMZ"
>         |
>         |
>      Internal
> 
> Used so very, very much these days (I think thanks to several firewall
> vendors pushing this as a standard design).
> 
> A much better design, is
> 
>       Internet
>          |
>          |
>       Firewall1
>          |
>          |
>         DMZ
>          |
>          |
>       Firewall2
>          |
>          |
>       Internal
> 
> (This design is actually where the term "DMZ" comes from since it
> actually looks like one here.)
> 
> And in your case... that many NICs in one machine... I hope you have a
> dedicated stand-by. It's screaming "single point of failure." I would
> really consider NOT using one machine for all of this.
> -- 
> Crist J. Clark                          cjclark@alum.mit.edu

Sir,

I have only set up a couple firewalls in my day.
I have learned much from your posts in the past.

I am confused by your bias.
You'd think if it was a firewall OEM pushing one design
it would go for your preferred (twice the $).

I don't even want to think about a 10 NIC system, but
talking 3 or 4, what is so bad with the first choice?



=====
-

i believe in dogs
