"Tong, Aaron" <aaron @
com> allegedly wrote:
>I am considering several firewall configurations. Could you comment on
>the following two configurations? Which one has higher security?
>            Packet       Firewall
>Internet---Filtering---w/ Multi-NICs---Internal Net
>            Router           |
>                   (external accessible
>                    servers e.g. WWW, DNS)
>Thanks in advance
>NCR (Hong Kong) Ltd.
...And the winner is....
>>> Configuration # 1 <<<
Assuming the firewall is an Application Gateway:
o Configuration #1 gives you the benefit of having the firewall
provide protection for the DMZ as well as the internal network.
o Configuration #2 has the DMZ protected by the packet filter only
(which is essentially NO protection).
If the firewall is a packet filter type of firewall (which doesn't
qualify as a firewall in my book, but I digress...)
Configuration # 1 offers as little protection as configuration # 2.
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist
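
Added example, not part of the original message: a small choke-point check that models both layouts as inbound graphs and reports which filtering devices every Internet-to-zone path must cross. The layout of configuration #2 is not shown in the quoted text and is assumed here from the reply (DMZ behind the packet filter only); all node names and labels are constructed for illustration.

```python
# Inbound reachability graphs (constructed for this example).
# Config 1: DMZ hangs off a third NIC on the firewall, as in the quoted diagram.
CONFIG_1 = {"internet": ["router"], "router": ["firewall"],
            "firewall": ["dmz", "internal"]}
# Config 2 (assumed): DMZ sits between the filtering router and the firewall.
CONFIG_2 = {"internet": ["router"], "router": ["dmz", "firewall"],
            "firewall": ["internal"]}

# The two cases the reply distinguishes for the "firewall" box.
GATEWAY = {"router": "packet filter", "firewall": "application gateway"}
FILTER = {"router": "packet filter", "firewall": "packet filter"}


def inbound_paths(topology, target, node="internet", seen=()):
    """Yield every simple path from the Internet to the target zone."""
    if node == target:
        yield seen + (node,)
        return
    for nxt in topology.get(node, []):
        if nxt not in seen:
            yield from inbound_paths(topology, target, nxt, seen + (node,))


def mandatory_controls(topology, target, kinds):
    """Filtering devices present on every inbound path (cannot be bypassed)."""
    paths = list(inbound_paths(topology, target))
    if not paths:
        return []
    common = set(paths[0]).intersection(*(set(p) for p in paths[1:]))
    return [n for n in paths[0] if n in common and n in kinds]


def protection(topology, target, kinds):
    """Strongest control type that all traffic to the zone must traverse."""
    types = {kinds[c] for c in mandatory_controls(topology, target, kinds)}
    if "application gateway" in types:
        return "application gateway"
    return "packet filter only" if types else "none"


if __name__ == "__main__":
    for name, topo in (("config 1", CONFIG_1), ("config 2", CONFIG_2)):
        for label, kinds in (("gateway", GATEWAY), ("filter", FILTER)):
            for zone in ("dmz", "internal"):
                print(name, label, zone, "->", protection(topo, zone, kinds))
```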