Security Basics mailing list archives
Re: 2 firewalls protecting internal network
From: "Mrs. Y." <networksecurityprincess () gmail com>
Date: Thu, 24 May 2012 14:48:01 -0400
Ah, the firewall sandwich: it gives me indigestion. I don't think firewalls are enough protection on their own. "Defense in depth" implies different types of protection, not just layers of firewalls from different vendors.
On 5/24/2012 2:37 PM, Dan Lynch wrote:
> > I know that there is a defence in depth idea to implement 2 firewalls, each from different vendor. What do you think about it? Is it practical?
>
> Whether it's practical depends in part on the complexity of the environment and of the firewall rules. But even using a single vendor, there are gains that can be had. Rather than running 25 interfaces on a single firewall, with 300+ rules, splitting the implementation can simplify the rules, and reduce the hardware performance requirement. Two $5000 boxes might replace one $25,000 box. A 300 rule policy might be replaced by two 100 rule policies.
>
> One firewall connects to external-facing DMZ networks and the internet, another divides internal business units with different security requirements from one another, segregates server networks from user networks, or test environments from production, etc. A separate firewall might reside in one business unit for connections to their external partners.
>
> One drawback is that connections that traverse multiple firewalls require a rule on each. I find this to be less of a problem than the overall reduction in complexity of the rules on each firewall.
>
> Another benefit might be to reduce the impact of maintenance downtime, and increase your flexibility in scheduling change windows. Consolidating everything into a single box subjects you to the lowest common denominator / most restrictive change policy for all connections on that box. Isolating those restrictive policies on a separate firewall could allow more flexibility for administering the other systems.
>
> As always, YMMV, and probably will.
>
> Dan Lynch, CISSP
> Information Technology Analyst
> County of Placer
> Auburn, CA
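The drawback raised in the quoted message, that a connection traversing multiple firewalls needs a rule on each, can be audited mechanically. The following is an added example, not part of the original thread; the firewall names, addresses, policies and the first-match rule model are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # destination TCP port, 0 = any

def decide(policy, src, dst, port):
    """First-match evaluation; implicit deny when no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, r in enumerate(policy):
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.action, idx
    return "deny", None

def trace(path, policies, src, dst, port):
    """Walk the firewalls a flow crosses, in order.
    Returns (allowed, hops); hops holds (firewall, verdict, rule index)."""
    hops = []
    for fw in path:
        action, idx = decide(policies[fw], src, dst, port)
        hops.append((fw, action, idx))
        if action != "permit":
            return False, hops  # stop at the first firewall that blocks
    return True, hops

# Constructed sample: an edge firewall in front of a DMZ web server
# (192.0.2.10) and an internal firewall guarding a database subnet.
POLICIES = {
    "fw-edge": [
        Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),
        Rule("permit", "192.0.2.10/32", "10.20.0.0/24", 5432),
    ],
    "fw-internal": [
        Rule("permit", "10.10.0.0/16", "10.20.0.0/24", 5432),
        Rule("deny", "0.0.0.0/0", "10.20.0.0/24", 0),
    ],
}

if __name__ == "__main__":
    # The DMZ-to-database flow was permitted on fw-edge only.
    ok, hops = trace(["fw-edge", "fw-internal"], POLICIES,
                     "192.0.2.10", "10.20.0.5", 5432)
    print("allowed" if ok else "blocked", hops)
```

Running the same trace for every documented flow after a change window shows which firewall on the path is missing its half of a rule pair.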