Security Basics mailing list archives

Re: Defense in Depth


From: "Naren" <naren () pactech net>
Date: Mon, 1 Nov 2004 11:38:33 +0800

Dear all,

My $0.02

The idea behind two firewalls is because of different technologies, and capabilities, having two firewalls from two different vendors helps minimise the possibility of traffic that is not intercepted by one firewall being stopped by the other .. like a mix and match.

And normal practice is to have the first level as a Stateful inspection, to reduce most common forms of attacks - and also reducing the traffic that hits the 2nd level firewall, and the second as an application layer firewall, for stricter checking of traffic passing through.

This is a very basic requirement .. and there is no firewall which can stop all forms of threats (in my limited experience .. at least ...)

Naren
----- Original Message -----
From: Ravi Kumar
To: Ronish Mehta
Cc: security-basics () securityfocus com
Sent: Friday, October 29, 2004 1:35 PM
Subject: Re: Defense in Depth


Hi Ronish,
Why do you prefer two firewalls? Does that mean you are not confident enough with the first firewall's capabilities!!

-Ravi

Ronish Mehta wrote:
Hi List,

I have a network setup with 2 firewalls

There is a DMZ on the Internet facing firewall

The servers on this DMZ contain servers that host
both "http" and "https" pages

There is no DMZ on the second firewall

From what I understand, this setup is not providing
defense in depth, at least not full defense in depth

I wanted to create a DMZ on the second firewall, and
move servers that host "HTTPS" pages to this new DMZ

Would this new setup improve the security of the
network?

Thanks for comments,

Ronish



