Firewall Wizards mailing list archives
Re: Defense in Depth to the Desktop
From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Mon, 6 Dec 2004 08:40:42 +0000
A levelezőm azt hiszi, hogy Chris Pugrud a következőeket írta:
Overview
[one subnet for servers, one for clients, separated by a firewall]
In addition to the firewall, the client systems are fully isolated from each other by layer 2 controls (private vlans). The servers may be similarly isolated, but doing so is minimally effective and damaging to server to server communications.
It is interesting to note that what you propose can be viewed as an example of the Bell-LaPadula modell with two security levels. There are questions regarding the scaleability and the resource needs of such a setup. -How can you scale it to an intranet which have hundreds or thousands of subnets, with tens or hundreds of separate application servers geographically scattered? My answer would be using VPNs, which makes configuration and network usage more resource intensive. -What approaches could you use to minimize configuration overhead and network resource utilisation, especially on a large intranet? You also seem to forget that there is a world beyond Microsoft, but this have little impact on the question. -- GNU GPL: csak tiszta forrásból _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Defense in Depth to the Desktop Chris Pugrud (Dec 05)
- Re: Defense in Depth to the Desktop Magosányi Árpád (Dec 07)
- Re: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
- Re: Defense in Depth to the Desktop Magosányi Árpád (Dec 11)
- protection models Chris Pugrud (Dec 11)
- Re: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
- Re: Defense in Depth to the Desktop Magosányi Árpád (Dec 07)
- Re: Defense in Depth to the Desktop Rogan Dawes (Dec 07)
- Re: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
- RE: Defense in Depth to the Desktop Ben Nagy (Dec 07)
- RE: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
- RE: Defense in Depth to the Desktop Scott Stursa (Dec 11)
- RE: Defense in Depth to the Desktop Chris Pugrud (Dec 11)
- RE: Defense in Depth to the Desktop Chris Pugrud (Dec 07)