Yet Another About To Build A Firewall Message
:->
Have been looking over "Thinking about Firewalls" by mjr, and have some
questions to pose:
1. What extra security do you buy with a "screened subnet" based firewall
   vs. a "screened host gateway" based firewall? (In other words,
   what justification is there for the second router??)

2. Does my bastion host have to be the mail and news server for my
   domain, or can I open up ports in the screening router and
   have these particular hosts in my external DNS maps?

3. To those that use SOCKS: should I be using something bigger than
   a Sparcstation IPC if I plan to implement SOCKS to proxy for
   ftp, telnet, and possibly mosaic? What are typical performance
   hits for routing this traffic through a proxy service rather
   than allowing the direct connection to outside hosts? (Note that
   our network probably consists of about 500 users - not a large
   portion of which will actually use these services.)

Thanks in advance for any input...
Jeff LaCoursiere
Network Admin
UPRC
Ft. Worth, TX