Security Basics mailing list archives
Re: High availability firewalling architectures
From: Bob Kryger <bobk () panix com>
Date: Tue, 12 Sep 2006 17:04:31 -0400
try googling "Defense in Depth" that is the concept you are talking about. Try it with "firewall" I found a few things out there.
Defense in Depth is not a new concept and you are quite right to suggest it. But it can be achieved at many levels. We use PIX, NetScreen and Linux IP tables at both the network and host layers. You can also consider a hardware firewall and window boxen with software firewalls Defense in Depth. Although I think that the software firewall layer in this example would be dubious and problematic.
I guess it may also be worth considering the needs of the client, their size, and the type of data that they are storing and possibly the regulation that they may be subject to.
Bob sami seclist wrote:
Hi all, We are trying to convince a client that the best suited firewall architecture for his network is a double layered one (each layer from a different constructor) with high availability and load balancing technology at each layer, but he didn't want to believe it. We are looking for external references on the web (in english or french) that are firewall constructors independant in order to provide support to our advice. Any help appreciated---------------------------------------------------------------------------This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------------
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: High availability firewalling architectures sami seclist (Sep 11)
- Re: High availability firewalling architectures Alexey Eremenko (Sep 12)
- Re: High availability firewalling architectures Bob Kryger (Sep 13)