On Wed, 13 Dec 1995, Paul D. Robertson wrote:
> On Tue, 12 Dec 1995, Scott Deshaies wrote:
>
> > OK- how about having SOME modems in the DMZ for Internet access ONLY
> > and SOME modems on the internal net for internal network access ONLY
> > and the two shall never cross?
> >
>
> This sounds like a good approach. I'm not sure that I wouldn't
> prefer my users go through my proxies rather than directly out though,
> if I'm going to trust them not to run two connections, then my
> proxies should be sufficient for net access, and they only have to dial
> one number. If you have other concerns about IP on your internal
> network, then I'd go with your scheme.
But..... Remember complexity is the enemy of security. IMHO this scheme
introduces needless complexity to the issue. Now I have to montor, configure
and maintain multiple routes (holes?). ;-)
Arley Carter
Tradewinds Technologies, Inc.
email: ac @
hawk .
twinds .
com
www: http://www.twinds.com
"Trust me. This is a secure product. I'm from <insert your favorite
corporation or government agency>."
Follow-Ups:
References:
|
|
