List: firewalls-gc
Subject: RE: Making a case for Firewall design
From: Don Flint <Windows/dflint/dflint () the-hermes ! net>
Date: 1997-01-02 13:04:21
> > Reply to your message of 1/2/97 12:42 PM
>>
>>I'm trying to make a case for a firewall design. I've narrowed the choices
>>down to two options. Option A looks like:
>>
>>
>> internal      internal        dual-homed              external
>> network  ---  filtering  ---  bastion host with  ---  filtering  ---  internet
>>               router          TIS toolkit             router
>>
>>option B looks like:
>>
>> internal      internal        bastion host(s)      external
>> network  ---  "firewall"             |             filtering  ---  internet
>>               system*     ----  DMZ network  ----  router
>>
>>*(Cisco PIX or similar device)
>>
>>With both options, we would need to proxy or masquerade all internal
>>connections to the internet (we use private IP addresses). I'm pretty sure
>>both options would give us what we want (internet connectivity + security).
>>The trade-offs I see are the lower cost of A (most of the pieces are already
>>in place) vs. the ease of use and extensibility of B. My own preference is
>>for option B but I'll need some backup before I can make a case for spending
>>$10K+.
>>
>>Has anyone else made or seen such a (third-party) analysis before? I have
>>the O'Reilly Firewalls book but they don't really cover option B.
<snip .sig>
Rich:
Have you thought about some of the other commercial products rather than just the TIS
toolkit or the router/DMZ approach? There are several very good ones produced for a
variety of platforms. Price has always been an objection, but now many of them are
available for the same cost as the range you mentioned for the router/DMZ. They
offer improved security over the router/DMZ approach as well. Whatever route you
decide to go, best of luck.
Don Flint