On Sat, 17 Jan 1998, Ryan Russell wrote:
* ->
* ->You can use 1 router with three interfaces (if available)
* ->instead of two with two, to get the same affect. At least,
* ->you can with Ciscos. Ciscos can do filtering on in and out
* ->at the same time, different lists. This might save some
* ->cost and help with your proposal. Do you know if they
* ->have a Cisco now, and what model it is?
* ->
* -> Ryan
Yes they do have a CISCO (I don't know the model), but they aren't even
implementing any packet filtering capabilities that it may posess. Also, in
regard to using one router instead of two: two provides more redundancy,
more reliability, and allows one to be taken offline without taking down
security all together (imagine if one hub starts being problematic, if it's
the only hub in your security it could pose a serious problem). The two hub
design is stronlg recommended (and with just the above few thoughts I can
see why) in one of the books that I read (I think it was Building Internet
Firewalls by Chapman and Zwicky). L8r.
-----------------------------------------------------------------------------
Geoff Gowey | NetBSD: the best multi-platform OS
daemond(at)ibm.net | www.netbsd.org
*****************************************************************************
Spammers beware: I do not buy from companies that spam and I keep track!
Above policy STRICTLY ENFORCED!
*****************************************************************************
"All I ask is for the chance to prove that money can't buy me happiness"
or more simply put "SHOW ME THE MONEY!!!"
Follow-Ups:
References:
|
|
