This should be (isn't always) addressed in the risk assessment done
*before* the firewall/access point is installed.
If the single point of failure is rated as low risk compared to
time/money lost during the outage and the cost to put in spares, etc.,
then don't sweat it. If high risk, then the controls would dictate
spares, alternate routes, etc.
As has been said on this list multiple times, a firewall (and its type)
should be dictated by the security policy and risk needs of the
organization and not plug in some sort of firewall and try to fashion
policy and needs around it. Easy to preach, not always easy to
follow........
bjm @ fl . dk wrote:
>
> Hi
> Does someone have any comments on the following issue which I see as
> being more relevant when using firewalls internally or as access point
> for Intranet/Extranet connected through public networks (e.g.
> Internet):
>
> A couple of firewall products offer the ability to support multiple
> network interface cards. These products are often used in solutions
> where different kind of user groups, servers/services etc. are
> separated on different LAN-segments connected to the firewall. If a
> company uses this functionality on a firewall, they introduce a single
> point of failure which I think is often neglected or forgotten.
<<< rest snipped >>>>
--
Andy Howard
achowar @ erenj . com
-- the above comments are mine only--