
RE: Firewall positioning in Large Network

Subject: RE: Firewall positioning in Large Network
Date: Wed, 20 Jun 2007 14:48:11 -0500

i am going to make some assumptions:

1. your internet connection is through your access switch
2. you are trying to protect your network from the internet
3. your access switch connects to your core switch
4. you are using layer 3 (iso model) switching (fast routing, as opposed to
layer 2 switching ((which is not routing))).

in that case:

FIREWALL --> ACCESS SWITCH --> CORE SWITCH 

the only things that touch the core switches are other switches [access,
server, user, distribution].
no users or servers touch the core directly.
no outside links touch the core directly.

many large networks/companies use firewalls internally also.
[between sensitive networks on the access switches]

in the "real world" you will see a mix of many things, a lot depends upon the
requirements & resources available.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Mubin Shaikh
Sent: Wednesday, June 20, 2007 6:34 AM
To: security-basics@securityfocus.com
Subject: Firewall positioning in Large Network

Hi,

Question - 

What is the best logical placement for firewall in large network?

If I have 3000+ user organisation with both core and access switch available,
will i connect my firewall to core switch or access switch ? and why ?

Thanks
-Mubin


 