> sjg writes:
> >What's wrong with setting up your firewall in a test lab? I mean the
> >entire DMZ, choke etc etc. You can then test it until you are happy
> >before letting others have a go...
> Oh I agree, now everyone out there whose organization *has* a dedicated

That's just it though. You don't need a "test lab". You need a
couple of desks (well, actually I just set up several machines stacked
one atop the other :-) and a few power boards. Ok, the power boards
are usually the biggest problem... more than once I've had to nip out
to Tandy (or whatever...)

Presumably you already have the bastion host(s) and router(s) that you
plan to put into the firewall. Now just set it all up but _don't_
connect it to either the internet or the internal net - tempting as
that might be...

The only real extra resources needed are the two (or more) systems
needed to simulate your attackers and the prize (internal net). Most
companies can scrounge a couple of 386's to run NetBSD or whatever for

When you are done testing, just plug in the other networks.

Next week we'll explain how to build box girder bridges and how to play