From: Kurt Seifried (bugtraq@seifried.org)
Date: Fri Oct 05 2001 - 02:33:23 CDT


    > The dual firewall design places a firewall at the
    > external perimeter, which connects to the DMZ network
    > (and the internet). On the DMZ network is another
    > firewall, which sits at the internal network perimeter.

    Several reasons:

    If you wanna be paranoid you allow the internal LAN to only talk to the DMZ, and not
    the Internet. Conversely you only allow the Internet to talk to the DMZ and not the
    internal LAN. Basically everything MUST pass through the DMZ servers. Makes
    hacking a bit harder as you would have to "leap frog". Using non-routable
    IPs on the firewall's interfaces facing the DMZ, for example, means that you
    cannot attack the internal firewall directly from the Internet.

    Ease of management. Building rulesets for a firewall with two interfaces is
    easier than three (try building a firewall ruleset with 5 interfaces to see
    what I mean =). Plus the internal firewall can likely be locked down
    extremely tight, the external one less so (making access to the DMZ possible).
    Doing this on one server is more difficult.

    Performance/loading issues: firewalling is a problem that can be serialized
    reasonably well. The two-server design (implemented correctly, of course) can
    reduce the load on either machine.

    You can use different products (which, done correctly, can also make an
    attacker's life more difficult). Typically most people only want a "simple"
    set of rules for the external server (block all access in except to certain
    DMZ server:port combos). For the internal side you may need something with
    authentication, or NAT, or whatever is the case, and a different product may
    be more appropriate (firewalls don't just firewall; there is also
    authentication, proxying, NAT, etc., etc.).

    Some other odds and ends too, but they are left as an exercise to the
    reader (it's almost 2am and I feel lazy =).

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://www.seifried.org/security/
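The following is an added illustration of the dual-firewall topology described in the post above; it is not part of Kurt Seifried's message and not any firewall product's code. It models the two rulesets as the post splits them (an external firewall that only passes Internet-to-DMZ traffic for published server:port combos, and an internal firewall that only passes LAN-to-DMZ traffic plus one tightly scoped DMZ-to-LAN flow) and walks a candidate connection across every firewall on its path, so you can check that an Internet source can never reach the LAN, or even the internal firewall's DMZ-facing address, without a matching rule on the external box. All zone names, addresses, ports, hosts and rule lists are constructed for the example; it evaluates connection initiations only and does not model stateful reply handling.

```python
"""Toy model of a dual-firewall (Internet | ext FW | DMZ | int FW | LAN) policy.

Every address, port and rule below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNET, DMZ, LAN = "internet", "dmz", "lan"

# Constructed address plan. Both firewall-adjacent networks use RFC 1918
# space, so the internal firewall's DMZ-facing interface (192.168.100.1 here)
# is not reachable from the Internet by routing alone.
NETS = {
    DMZ: ipaddress.ip_network("192.168.100.0/24"),
    LAN: ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside DMZ/LAN is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return INTERNET


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]   # None = any port
    dst_host: Optional[str]   # None = any host in dst_zone


# External firewall: the "simple" ruleset from the post. Only published
# DMZ server:port combos are reachable from the Internet; DMZ may go out.
EXTERNAL_RULES = [
    Rule(INTERNET, DMZ, 80, "192.168.100.10"),   # constructed web server
    Rule(INTERNET, DMZ, 25, "192.168.100.20"),   # constructed mail relay
    Rule(DMZ, INTERNET, None, None),
]

# Internal firewall: locked down tight. LAN talks to the DMZ only (never the
# Internet directly), and the DMZ may reach exactly one LAN service.
INTERNAL_RULES = [
    Rule(LAN, DMZ, 80, "192.168.100.10"),
    Rule(LAN, DMZ, 25, "192.168.100.20"),
    Rule(DMZ, LAN, 25, "10.0.0.5"),              # relay delivers to internal mail host
]

# Linear topology: a packet crossing from one zone to a non-adjacent zone
# must traverse every firewall in between.
ZONE_CHAIN = [INTERNET, DMZ, LAN]
FIREWALLS = {
    frozenset({INTERNET, DMZ}): ("external", EXTERNAL_RULES),
    frozenset({DMZ, LAN}): ("internal", INTERNAL_RULES),
}


def fw_permits(rules: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """First-match allow list with an implicit default deny."""
    src_z, dst_z = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if (r.src_zone == src_z and r.dst_zone == dst_z
                and (r.dst_port is None or r.dst_port == dst_port)
                and (r.dst_host is None or r.dst_host == dst_ip)):
            return True
    return False


def firewalls_on_path(src_zone: str, dst_zone: str):
    """Firewalls crossed, in traversal order, going from src_zone to dst_zone."""
    i, j = ZONE_CHAIN.index(src_zone), ZONE_CHAIN.index(dst_zone)
    step = 1 if j > i else -1
    hops = []
    while i != j:
        hops.append(FIREWALLS[frozenset({ZONE_CHAIN[i], ZONE_CHAIN[i + step]})])
        i += step
    return hops


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> Tuple[bool, str]:
    """Walk the connection across each firewall; the first deny wins."""
    src_z, dst_z = zone_of(src_ip), zone_of(dst_ip)
    if src_z == dst_z:
        return True, "same zone, no firewall on path"
    for name, rules in firewalls_on_path(src_z, dst_z):
        if not fw_permits(rules, src_ip, dst_ip, dst_port):
            return False, f"denied by {name} firewall"
    return True, "permitted by every firewall on path"


if __name__ == "__main__":
    cases = [
        ("203.0.113.7", "192.168.100.10", 80),   # Internet -> DMZ web: ok
        ("203.0.113.7", "192.168.100.10", 22),   # Internet -> DMZ ssh: external denies
        ("203.0.113.7", "192.168.100.1", 22),    # Internet -> int FW DMZ side: external denies
        ("203.0.113.7", "10.0.0.5", 25),         # Internet -> LAN: never reaches int FW
        ("10.0.0.9", "203.0.113.7", 80),         # LAN -> Internet: internal denies
        ("10.0.0.9", "192.168.100.10", 80),      # LAN -> DMZ web: ok
        ("192.168.100.20", "10.0.0.5", 25),      # relay -> internal mail: ok
        ("192.168.100.10", "10.0.0.5", 22),      # compromised DMZ host -> LAN ssh: denied
    ]
    for src, dst, port in cases:
        ok, why = evaluate(src, dst, port)
        print(f"{src:>15} -> {dst:>15}:{port:<3} {'ALLOW' if ok else 'DENY '} ({why})")
```

The point the model makes visible is the "leap frog" property: an Internet source is judged by the external ruleset before the internal firewall ever sees the packet, and a host inside the DMZ (including one an attacker has taken over) is held to the internal ruleset, which in this constructed policy exposes a single LAN service on a single port. Swapping `EXTERNAL_RULES` and `INTERNAL_RULES` for your real allow lists turns this into a quick regression check for rule changes.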