Martin,
Martin's Question: What are the advantages and disadvantages compared to
the Dual Homed Host variant?
--------------------
If you have any protocols to pass thru the DMZ that are not 'proxyable'
(e.g. most UDP-based protocols), then you would have to rely on your
screening routers only for those protocols. In such cases you would
probably feel much safer to use two screening routers together with an
intervening dual or multihomed host.
Depending on the capabilities of your firewall (and your decisions on what
solution provides the security you need) you will need some kind of
bastion host in the DMZ in addition to a dual homed firewall in many cases
(e.g. to not allow SMTP to pass your firewall).
IMO you should decide on the protocol support question before any other
configuration decisions are taken and if you have to use a specific
product (Raptor Eagle), then use it as recommended by the manufacturer.
Selecting the correct solution depends mainly on your security policy,
your protocol needs (how well do you know them?) and on the tradeoff
decision of investment versus the amount of administration overhead that
you are willing to accept.
regards
Peter Vaterlaus
//------------------------------------------------------------
// Consulting and Security for Networks and Internet
// Peter Vaterlaus edv @ vaterlaus . ch http://www.vaterlaus.ch/edv
// EDV-Systemberatung tel ++41 32 621 84 21
// Klosterplatz 6, Postfach fax ++41 32 621 84 25
// CH-4502 Solothurn
// Switzerland
//------------------------------------------------------------