Network Security Firewalls

Re: Use of VLANS between firewalls - good idea?

Subject: Re: Use of VLANS between firewalls - good idea?
Date: Thu, 27 Jan 2005 17:31:38 -0600
On Wed, 26 Jan 2005 12:57:30 GMT, Damian Gunner <dgunner@lycos.co.uk> wrote:
> One idea I had was for Firewall1 to have multiple NIC cards
> and the servers to be multi-homed - one NIC to Firewall1
> and the other NIC to a common back-end network connected to Firewall2.

The above is the approach I recommend and use.  IMHO, the primary drawback
(ignoring cost) to the "firewall sandwich" approach is the complex routing
tables needed on each multi-homed host.  If Firewall2 is a proxy firewall or
if it NATs outbound traffic to always appear to originate from Firewall2
(rather than exposing your internal private IPs) then this problem is greatly
reduced.

See the current Firewall-Wizards discussion "[fw-wiz] Multiple
firewalls from different manufactureres" for more on this approach:
   http://seclists.org/lists/firewall-wizards/2005/Jan/index.html


> My worry is over how often I am seeing this to be a bad idea
> and that it is easy to hop from one VLAN to the next.

The state of VLAN insecurity has improved greatly, but there are still
risks.  Different switch models from different vendors offer various features
to enhance intra- and inter- VLAN controls.

Kevin Kadow
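The routing-table problem Kevin describes, worked through as an added example that is not part of the original thread or anyone's posted code. It models the dual-homed server's forwarding table in both designs: Firewall2 passing internal addresses unchanged (one static route per internal subnet, and a subnet nobody added leaks replies out the wrong NIC), and Firewall2 proxying or NATing so that every internal client arrives from Firewall2's own back-network address. All addressing (192.0.2.0/24 behind Firewall1 on eth0, 198.51.100.0/24 behind Firewall2 on eth1, the three internal subnets) is assumed for the example; `render()` emits the equivalent iproute2 `ip route add` lines so the table can be compared against a real host.

```python
"""Route-table model for a dual-homed server in a "firewall sandwich".

Constructed example; the addressing below is assumed, not from the thread:
  eth0 -> front network 192.0.2.0/24, Firewall1 inside address 192.0.2.1
  eth1 -> back network 198.51.100.0/24, Firewall2 outside address 198.51.100.1
  internal subnets behind Firewall2: 10.10.0.0/16, 10.20.0.0/16, 172.16.5.0/24
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

FRONT_NET = ipaddress.ip_network("192.0.2.0/24")
BACK_NET = ipaddress.ip_network("198.51.100.0/24")
FW1_INSIDE = ipaddress.ip_address("192.0.2.1")
FW2_OUTSIDE = ipaddress.ip_address("198.51.100.1")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
INTERNAL_SUBNETS = [ipaddress.ip_network(n)
                    for n in ("10.10.0.0/16", "10.20.0.0/16", "172.16.5.0/24")]


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    via: Optional[ipaddress.IPv4Address] = None   # None = directly connected


def build_routes(internal_subnets, fw2_hides_internal):
    """Routing table the multi-homed host needs.

    fw2_hides_internal=False: Firewall2 forwards internal IPs unchanged, so the
    host needs one static route per internal subnet pointing at Firewall2.
    fw2_hides_internal=True: Firewall2 proxies or NATs, so every internal
    connection arrives from Firewall2's own back-network address and the
    connected route for the back network already covers it; no statics needed.
    """
    routes = [
        Route(FRONT_NET, "eth0"),
        Route(BACK_NET, "eth1"),
        Route(DEFAULT, "eth0", FW1_INSIDE),      # Internet via Firewall1
    ]
    if not fw2_hides_internal:
        routes += [Route(net, "eth1", FW2_OUTSIDE) for net in internal_subnets]
    return routes


def lookup(routes, dst):
    """Longest-prefix match on the destination, as the kernel FIB does."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def reply_is_symmetric(routes, client, arrival_iface):
    """True if the reply to `client` leaves on the NIC the request came in on.

    A stateful Firewall1 holds no state for a flow it never saw, so a reply to
    an internal client that is routed out eth0 is dropped there. This is the
    failure the "complex routing tables" remark is about: every internal
    subnet must be present in the table, or its clients break.
    """
    return lookup(routes, client).iface == arrival_iface


def render(routes):
    """Equivalent `ip route add` lines (iproute2 syntax) for the table."""
    lines = []
    for r in routes:
        if r.via is None:
            lines.append(f"ip route add {r.prefix} dev {r.iface}")
        else:
            lines.append(f"ip route add {r.prefix} via {r.via} dev {r.iface}")
    return lines


if __name__ == "__main__":
    plain = build_routes(INTERNAL_SUBNETS, fw2_hides_internal=False)
    natted = build_routes(INTERNAL_SUBNETS, fw2_hides_internal=True)
    print("\n".join(render(plain)))
    # Known internal subnet: reply goes back through Firewall2 on eth1.
    print(reply_is_symmetric(plain, "10.10.3.4", "eth1"))        # True
    # Subnet the server admin never added: reply goes to Firewall1 and dies.
    print(reply_is_symmetric(plain, "10.30.0.9", "eth1"))        # False
    # With NAT/proxy on Firewall2 every internal client looks like 198.51.100.1.
    print(reply_is_symmetric(natted, str(FW2_OUTSIDE), "eth1"))  # True
    print(len(plain), len(natted))                               # 6 3
```

The cost of the NAT/proxy design shows up elsewhere: the server's logs and any host-based access control see only Firewall2's address for internal clients, so per-client auditing has to move to Firewall2 itself.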
