"Tong, Aaron" <aaron @ hkpo . hongkong . ncr . com> allegedly wrote:
>
>Hi,
>
>I am considering several firewall configurations. Could you comment on
>the following two configurations? Which one has higher security?
>
>Configuration I
>
>            Packet       Firewall
>Internet---Filtering---w/ Multi-NICs---Internal Net
>            Router           |
>                            DMZ
>                   (external accessible
>                    servers e.g. WWW, DNS)
>
>Configuration II
>
>            Packet
>Internet---Filtering---DMZ---Firewall---Internal Net
>            Router
>
>Thanks in advance
>
>Aaron Tong
>NCR (Hong Kong) Ltd.
...And the winner is....

>>> Configuration # 1 <<<

Assuming the firewall is an Application Gateway:

o Configuration #1 gives you the benefit of having the firewall
  provide protection for the DMZ as well as the internal network.
o Configuration #2 has the DMZ protected by the packet filter only
  (which is essentially NO protection).

If the firewall is a packet filter type of firewall (which doesn't
qualify as a firewall in my book, but I digress...) then
Configuration # 1 offers as little protection as configuration # 2.

Best Regards,
Frank
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
<standard disclaimer>
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist