Security Basics mailing list archives

Re: High availability firewalling architectures


From: Bob Kryger <bobk () panix com>
Date: Tue, 12 Sep 2006 17:04:31 -0400

Try googling "Defense in Depth"; that is the concept you are talking about. Try it with "firewall"; I found a few things out there.

Defense in Depth is not a new concept and you are quite right to suggest it. But it can be achieved at many levels. We use PIX, NetScreen and Linux iptables at both the network and host layers. You can also consider a hardware firewall and Windows boxen with software firewalls Defense in Depth, although I think that the software firewall layer in this example would be dubious and problematic.

I guess it may also be worth considering the needs of the client, their size, and the type of data that they are storing and possibly the regulation that they may be subject to.

Bob

sami seclist wrote:
Hi all,


We are trying to convince a client that the best suited firewall architecture for his network is a double layered one (each layer from a different constructor) with high availability and load balancing technology at each layer, but he didn't want to believe it.
We are looking for external references on the web (in English or French) that are firewall constructors independent in order to provide support to our advice.
Any help appreciated

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





