Great Circle Associates Firewalls
(September 1994)
 


Subject: Re: Proposed Firewall Configuration
From: smb @ research . att . com
Date: Wed, 31 Aug 94 19:22:21 EDT
To: RAS @ cacdvax . cacd . rockwell . com
Cc: firewalls @ GreatCircle . COM, Larry_Chin @ cchtor . ca . cch . com

	 We thought that connecting each bastion host to the perimeter
	 network via a bridge would limit the traffic that could be
	 sniffed to just the traffic exchanged by the bastion host.
	 For example, if an intruder captured the anonymous ftp bastion
	 host and installed a sniffer, the intruder would not be able
	 to capture any SMTP traffic (which is handled by a different
	 bastion host).  We believe the bridges to be sufficient for
	 this purpose and do not understand how adding an additional
	 router on the perimeter network would achieve the same
	 effect.

Such bridges are a good idea.  Another possibility is to use a ``smart''
10BaseT hub.

