Firewall Wizards mailing list archives

Re: Defense in Depth to the Desktop


From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Mon, 6 Dec 2004 08:40:42 +0000

My mailer believes that Chris Pugrud wrote the following:
Overview

[one subnet for servers, one for clients, separated by a firewall]

In addition to the firewall, the client systems are fully isolated from each
other by layer 2 controls (private vlans).  The servers may be similarly
isolated, but doing so is minimally effective and damaging to server to server
communications.

It is interesting to note that what you propose can be viewed as an
example of the Bell-LaPadula model with two security levels.

There are questions regarding the scalability and the resource needs of
such a setup.
-How can you scale it to an intranet which has hundreds or thousands of
subnets, with tens or hundreds of separate application servers
geographically scattered?

My answer would be using VPNs, which makes configuration and network
usage more resource intensive.

-What approaches could you use to minimize configuration overhead and
network resource utilisation, especially on a large intranet?

You also seem to forget that there is a world beyond Microsoft, but
this has little impact on the question.

-- 
GNU GPL: only from a pure source
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

