From: Kevin Moker (kevin.moker@snet.net)
Date: Thu Oct 04 2001 - 18:07:16 CDT


    It's layered with two different firewall technologies. For instance, you
    would use Nokia 650's on the external side and Cisco PIX on the internal side.

    At 03:20 PM 10/4/2001 -0700, Arlen Fletcher wrote:
    >It's a layered defense.
    >
    >-----Original Message-----
    >From: Rob Collins [mailto:robtompc@yahoo.com]
    >Sent: Thursday, October 04, 2001 2:07 PM
    >To: CISSPSTUDY@SECURITYFOCUS.COM
    >Subject: "design the firewall system" practice from the CERT Security
    >Improvement Modules
    >
    >
    >Hi all,
    >
    >I was reading the CERT practice specified in the
    >subject line (it is available here:
    >http://www.cert.org/security-improvement/practices/p053.html).
    > Within, they talk about firewall architectures. The
    >DMZ network (figure 1.6), maps well to the IDS Zone
    >Theory Diagram by Scott Sanchez, and makes perfectly
    >good sense to me. But the practice suggests, as more
    >secure, a dual firewall with DMZ network architecture
    >(figure 1.7). It does not provide details as to why
    >this architecture is considered to be of increased
    >effectiveness.
    >
    >The dual firewall design places a firewall at the
    >external perimeter, which connects to the DMZ network
    >(and the internet). On the DMZ network is another
    >firewall, which sits at the internal network perimeter.
    >
    >=====
    >--r
    >"Experience is that marvelous thing that enables you to recognize a
    >mistake when you make it again." -- F. P. Jones
    >
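
Added example, not part of the original thread: a small Python model of the layering argument above, comparing a single firewall with a dual-firewall path when the external rule base contains one fault. The zone names, ports and rule bases are constructed assumptions; the over-broad rule stands in for any fault confined to one layer, such as a misconfiguration or a flaw in one vendor's product.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # zone name, or "any"
    dst: str               # zone name, or "any"
    port: Optional[int]    # None matches any port

class Firewall:
    """First-match packet filter with an implicit default deny."""
    def __init__(self, name, rules):
        self.name, self.rules = name, list(rules)

    def permits(self, src, dst, port):
        for r in self.rules:
            if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, None):
                return r.action == "allow"
        return False

def path_permits(path, src, dst, port):
    """A flow passes only if every firewall on its path allows it."""
    return all(fw.permits(src, dst, port) for fw in path)

def exposed_internal_ports(path, ports=(22, 443, 3389)):
    """Ports on the internal zone that the internet can reach via this path."""
    return [p for p in ports if path_permits(path, "internet", "internal", p)]

# Constructed rule bases (zone names and ports are assumptions).
OUTBOUND = Rule("allow", "internal", "any", None)
EDGE_OK = Firewall("external", [Rule("allow", "internet", "dmz", 443), OUTBOUND])
# Same policy with one over-broad rule, standing in for any single-layer fault.
EDGE_FAULTY = Firewall("external", [Rule("allow", "any", "any", 443), OUTBOUND])
INNER = Firewall("internal", [OUTBOUND])  # nothing inbound from internet or DMZ

if __name__ == "__main__":
    print("single firewall, faulty:", exposed_internal_ports([EDGE_FAULTY]))
    print("dual firewall, faulty edge:", exposed_internal_ports([EDGE_FAULTY, INNER]))
    print("DMZ web still reachable:", path_permits([EDGE_FAULTY], "internet", "dmz", 443))
```

In the model, the internal firewall keeps its own rule base, so the faulty external rule exposes the internal zone only when the external firewall is the sole device on the path.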