Hello,
> the only hub in your security it could pose a serious problem). The two hub
> design is strongly recommended (and with just the above few thoughts I can
> see why) in one of the books that I read (I think it was Building Internet
> Firewalls by Chapman and Zwicky). L8r.
There is a drawback in the two hub design.. you can't control IP spoofing on
the second (inner) router very well, since you don't know if the originator
on the middle interface is from the Internet (the outer router) or from any
host on the DMZ. This means DMZ hosts are able to fake any outside IP
address (and, even worse, sniff the answers. Not that I would recommend any
authentication based on it).
Greetings
Bernd
--
  (OO)     -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )    ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O)   If privacy is outlawed only Outlaws have privacy
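
The limitation described in the message above, modelled as an added example that is not part of the original post: an interface-based anti-spoofing check sees only the arrival interface and the claimed source address. The address ranges, interface names and sample packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the post).
INTERNAL = ip_network("10.0.0.0/8")     # protected inside network
DMZ = ip_network("192.0.2.0/24")        # perimeter net between the two routers

def outer_router_accepts(in_iface, src):
    """Outer router: 'inet' faces the Internet, 'dmz' faces the perimeter net."""
    src = ip_address(src)
    if in_iface == "inet":
        # Only Internet hosts sit behind this interface, so any packet
        # claiming a DMZ or internal source can be dropped as spoofed.
        return src not in DMZ and src not in INTERNAL
    return src in DMZ or src in INTERNAL

def inner_router_accepts(in_iface, src):
    """Inner router: 'internal' faces inside, 'dmz' is the middle interface."""
    src = ip_address(src)
    if in_iface == "internal":
        return src in INTERNAL
    # The middle interface carries DMZ hosts AND everything the outer router
    # forwarded from the Internet. The only source that is provably wrong
    # here is an internal one; every outside address has to be accepted.
    return src not in INTERNAL

# Constructed packets arriving on the inner router's middle interface.
# 'origin' is ground truth that the router never gets to see.
PACKETS = [
    {"origin": "Internet host, relayed by outer router", "src": "198.51.100.7"},
    {"origin": "DMZ host claiming an outside address", "src": "198.51.100.7"},
    {"origin": "DMZ host using its own address", "src": "192.0.2.10"},
    {"origin": "DMZ host claiming an internal address", "src": "10.1.2.3"},
]

def inner_verdicts(packets):
    """Return (origin, accepted) for each packet as the inner router decides."""
    return [(p["origin"], inner_router_accepts("dmz", p["src"])) for p in packets]

if __name__ == "__main__":
    for origin, accepted in inner_verdicts(PACKETS):
        print(f"{'ACCEPT' if accepted else 'DROP  '}  {origin}")
```

The first two packets present identical inputs to the inner router (same interface, same source), so no rule on that interface can accept one and drop the other.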