From: Arlen Fletcher (Arlen.Fletcher@farm-credit.com)
Date: Thu Oct 04 2001 - 17:20:16 CDT
It's a layered defense.
-----Original Message-----
From: Rob Collins [mailto:robtompc@yahoo.com]
Sent: Thursday, October 04, 2001 2:07 PM
To: CISSPSTUDY@SECURITYFOCUS.COM
Subject: "design the firewall system" practice from the CERT Security
Improvement Modules
Hi all,
I was reading the CERT practice specified in the
subject line (it is available here:
http://www.cert.org/security-improvement/practices/p053.html).
Within, they talk about firewall architectures. The
DMZ network (figure 1.6), maps well to the IDS Zone
Theory Diagram by Scott Sanchez, and makes perfectly
good sense to me. But the practice suggests, as more
secure, a dual firewall with DMZ network architecture
(figure 1.7). It does not provide details as to why
this architecture is considered to be of increased
effectiveness.
The dual firewall design places a firewall at the
external perimeter, which connects to the DMZ network
(and the internet). On the DMZ network is another
firewall, which sits at the internal network perimeter.
=====
--r
"Experience is that marvelous thing that enables you to recognize a
mistake when you make it again." -- F. P. Jones