List: firewalls-gc
Subject: Re: Brewer et al. on ``Basic Flaws in Internet Security and
From: Paul Ferguson <pferguso () cisco ! com>
Date: 1995-10-18 17:53:47
>
> I'm all for having an external (and hence insecure) network on which
> to place public servers, but I:
> (1) don't want those servers to be able to sniff all the traffic to
> and from my internal networks, and
> (2) want more than a router between my internal and external
> networks.
>
> By putting the public servers on a separate LAN (as per Jon Whitton's
> Mark II version) both (1) and (2) above are effected. The servers
> can only sniff traffic on their LAN, not traffic between the internal
> network and outside. Also, there is no way of bypassing the bastion
> host through a compromised public server.
>
> Is this overly paranoid? Or am I paranoid enough?
>
>
Paranoid enough. :-)
--
Paul Ferguson || ||
cisco Systems || ||
Consulting Engineering |||| ||||
Reston, Virginia USA ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com c i s c o S y s t e m s