
List:       firewalls-gc
Subject:    Re: Brewer et al. on ``Basic Flaws in Internet Security and
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1995-10-18 17:53:47


>
> I'm all for having an external (and hence insecure) network on which 
> to place public servers, but I:
> (1) don't want those servers to be able to sniff all the traffic to 
> and from my internal networks, and
> (2) want more than a router between my internal and external 
> networks.
> 
> By putting the public servers on a separate LAN (as per Jon Whitton's 
> Mark II version) both (1) and (2) above are effected.  The servers 
> can only sniff traffic on their LAN, not traffic between the internal 
> network and outside.  Also, there is no way of bypassing the bastion 
> host through a compromised public server.
> 
> Is this overly paranoid?  Or am I paranoid enough?
> 
>


Paranoid enough. :-) 


-- 
Paul Ferguson                                           ||        ||
cisco Systems                                           ||        ||
Consulting Engineering                                 ||||      ||||
Reston, Virginia USA                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s
