Hosting Provided By

Re: Router Packet Filtering and Firewalls

From: Chris Travers <chris(at)travelamericas.com>
Date: Fri Jan 31 2003 - 13:38:05 EST

Sean Smith wrote:

>As far as the ISP being lazy... Even though they say
I HIGHLY recommend the screened subnet idea. This provides an environment for you to place any IDS or other security and monitoring systems you may eventually need. It also creates a better level of diversity in depth to your security strategy, especially if there is diversity in the setup of your filtering routers and firewall (i.e. different OS's, security mechanisms, etc.).

Additionally if you decide to offer public servers at some point, the screened subnet is the obvious place to put them. These may include email servers, Jabber servers, web servers (if you have the bandwidth), etc. You may not have these now, but allowing for the addition of them later may be good, becuase it forces you to build a better, more secure, and more extensible architecture for your security.

Best Wishes,
Chris

>
>
Received on Fri Jan 31 19:29:49 2003

This message: [ Message body ]
Next message: Naman Latif: "RE: Cisco PIX ip audit command"
Previous message: Paul Stewart: "RE: Router Packet Filtering and Firewalls"
In reply to Sean Smith: "Re: Router Packet Filtering and Firewalls"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:41 EDT