[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Proposed Firewall Configuration
From:       smb () research ! att ! com
Date:       1994-08-31 19:22:21
[Download RAW message or body]

	 We thought that connecting each bastion host to the perimeter
	 network via a bridge would limit the traffic that could be
	 sniffed to just the traffic exchanged by the bastion host.
	 For example, if an intruder captured the anonymous ftp bastion
	 host and installed a sniffer, the intruder would not be able
	 to capture any SMTP traffic (which is handled by a different
	 bastion host).  We believe the bridges to be sufficient for
	 this purpose and do not understand how adding an additional
	 router on the perimeter network would achieve the same
	 affect.

Such bridges are a good idea.  Another possibility is to use a ``smart''
10BaseT hub.

[prev in list] [next in list] [prev in thread] [next in thread]