Security Basics mailing list archives
RE: Defense in Depth
From: "Randy Golly" <rcgolly () vermeertexas com>
Date: Sat, 30 Oct 2004 10:50:29 -0500
Hence the title of this thread ... Defense in Depth. First firewall allows the DMZ, the second would allow no incoming IP at all unless initiated from behind the second firewall. Second firewall would be protecting critical data servers and other assets from internal network. Also place them on a separate subnet behind the second firewall. Theory is that if (when) all hell breaks loose on the internal network, and critical data is sitting behind its own firewall. Randy Golly -----Original Message----- From: Ravi Kumar [mailto:ravivsn () rocsys com] Sent: Friday, October 29, 2004 12:35 AM To: Ronish Mehta Cc: security-basics () securityfocus com Subject: Re: Defense in Depth Hi Ronsih, Why do you prefer two firewalls? Does that mean are you not confident enough with the first firewall capabilities!! -Ravi Ronish Mehta wrote:
Hi List, I have a network setup with 2 firewalls There is a DMZ on the Internet facing firewall The servers on this DMZ contains servers that host both "http" and "https" pages There are no DMZ on the second firewallFrom what I understand, this setup is not providingdefense in depth, at least not full defense in depth I wanted to create a DMZ on the second firewall, and move servers that host "HTTPS" pages to this new DMZ Would this new setup improve the security of the network? Thanks for comments, Ronish __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
Attachment:
smime.p7s
Description:
Current thread:
- Re: Defense in Depth Daniel Miessler (Nov 01)
- <Possible follow-ups>
- RE: Defense in Depth Randy Golly (Nov 01)
- Re: Defense in Depth Naren (Nov 01)
- Re: Defense in Depth Ghaith Nasrawi (Nov 03)
- Re: Defense in Depth Javier Blanque (Nov 01)
- Re: Defense in Depth Spencer Hall (Nov 02)
- Re: Defense in Depth Miles Stevenson (Nov 02)
- Re: Defense in Depth sf_mail_sbm (Nov 03)
- RE: Defense in Depth Randy Golly (Nov 04)
- RE: Defense in Depth Ghaith Nasrawi (Nov 08)