



Network Security Firewalls

Use of VLANS between firewalls - good idea?

Subject: Use of VLANS between firewalls - good idea?
Date: Wed, 26 Jan 2005 12:57:30 GMT
I am looking to set up a new perimeter network for a client and am 
contemplating the following setup as they have a spare L3 routing switch to 
hand.



DSL-----TELCO ROUTER-------FIREWALL1----------L3 SWITCH---------FIREWALL2----------LAN



The L3 switch will have each port assigned to a separate network, one for mail, 
one for the extranet and one for the outbound proxy.



Firewall1 will only allow traffic on ports that I specify to go to the VLANS 
set up on the switch and equally Firewall 2 will only allow traffic from VLANS 
on the L3 switch.



The L3 switch also has routes defined to say what can get from which VLAN to 
the next and over which port.



My worry is over how often I am seeing this to be a bad idea and that it is 
easy to hop from one VLAN to the next.



Is there something else I could do that would keep the DMZ services on their 
own networks but avoid the issues over using VLANS?



One idea I had was for Firewall1 to have multiple NIC cards and the servers to 
be multi-homed - one NIC to Firewall1 and the other NIC to a common back-end 
network connected to Firewall2.



Any thoughts?

