Double Firewall Implementation

By cnormannpetersen ·
I am currently going to ITT Technical school and my teacher has given us a project that requires Double firewall implementation and I am totally lost. If someone would help me I would be thankful.

Check out this book

by julie.schneider In reply to Double Firewall Implement ...

Building Internet Firewalls (2nd Ed.)
has a good general discussion of different firewall configurations, including the one you describe.

http://www.oreilly.com/catalog/fire2/

Check out the following link:

by Inkster In reply to Double Firewall Implement ...

http://www.cert.org/security-improvement/practices/p053.html

Basically, you normally utilize a dual firewall configuration with a DMZ, Demilitarized Zone, where both firewalls are different. This is more secure and even if anyone breaks through the outside firewall leading to the DMZ, they have another firewall to break through to the rest of the network.

Having both firewalls come from the same manufacturer and type defeats this purpose. If someone breaks through the outside firewall, they most definitely can go through the one leading to the rest of the network.

An even better link on Firewalls

by Inkster In reply to Double Firewall Implement ...

http://www.interhack.net/pubs/fwfaq/

This has a lot of information on firewalls. This is a must read!

2x firewall

by AllenTech In reply to Double Firewall Implement ...

Maybe double firewall implementation is putting a firewall on your server(s) and then putting a firewall on every workstation connected to the server. Double firewall, double protection.

Another reply

by scott380 In reply to 2x firewall

Double firewall setups are commonly used for DMZ environments, as was suggested by a previous poster. Whilst having a firewall at home on the machine connected to the internet and having one installed on your machine could be classed as a double firewall, I don't think this is what your teacher is looking for.
An example is to have something like a Cisco PIX as your perimeter firewall, then set your web servers up in a DMZ and then have another firewall like Gauntlet set up as a second firewall. This would mean, if properly configured, that an attacker would have to penetrate the PIX and the Gauntlet to gain access to your internal network. Alternatively an attacker will always go the "path of least resistance" and bypass the firewalls altogether by war dialing for any modems that have been set up on the internal segment of the network.
Good Luck.
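
Added example, not part of any post in this thread: a small Python model of the dual-firewall DMZ layout described above (perimeter firewall, DMZ web servers, second firewall in front of the internal network). The address ranges, rule sets and function names are constructed for illustration; each firewall is modelled as a stateless allow-list with default deny.

```python
import ipaddress

# Constructed address plan and rule sets (assumptions, not from the thread).
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Rule: (source net, destination net, destination port or None for any).
# Each firewall allows what matches a rule and denies everything else.
OUTER = [(ANY, DMZ, 80), (ANY, DMZ, 443)]   # perimeter: Internet <-> DMZ
INNER = [(DMZ, INTERNAL, 5432)]             # second firewall: DMZ <-> internal
OUTER_BREACHED = [(ANY, ANY, None)]         # models a bypassed perimeter

def zone(addr):
    """0 = Internet, 1 = DMZ, 2 = internal network."""
    ip = ipaddress.ip_address(addr)
    return 2 if ip in INTERNAL else 1 if ip in DMZ else 0

def permits(rules, src, dst, port):
    """True if any rule of this firewall matches the flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in rs and d in rd and rp in (None, port) for rs, rd, rp in rules)

def reachable(src, dst, port, outer=OUTER, inner=INNER):
    """True only if every firewall between the two zones permits the flow."""
    lo, hi = sorted((zone(src), zone(dst)))
    crossed = [outer, inner][lo:hi]  # firewalls on the path, in order
    return all(permits(fw, src, dst, port) for fw in crossed)

if __name__ == "__main__":
    web, db, inet = "192.0.2.10", "10.0.5.20", "203.0.113.7"  # constructed hosts
    for label, args in [
        ("Internet -> DMZ web :443", (inet, web, 443)),
        ("Internet -> internal :5432", (inet, db, 5432)),
        ("DMZ web -> internal db :5432", (web, db, 5432)),
        ("DMZ web -> internal :22", (web, db, 22)),
    ]:
        print(f"{label:30} {reachable(*args)}")
    print("perimeter bypassed, Internet -> internal:",
          reachable(inet, db, 5432, outer=OUTER_BREACHED))
```

Running it shows that Internet traffic reaches only the DMZ web ports, and that the internal network stays unreachable from the Internet even when the perimeter rule set is replaced by allow-all, because the second firewall still has to permit the flow.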

Double firewalls hey,,,

by ozzbat2 In reply to Double Firewall Implement ...

Double firewall is simple. Suggest bringing in a lower end "Dummy" computer, connect the dummy PC to your PC via network. Close all shares on your computer. Basically, internet connection comes from wall {wherever} to dummy computer, through network to your computer. Now if you were to install firewall software such as AtGuard or ZoneAlarm, Norton's firewall pro, on this dummy computer, this would be a double computer. No software is perfect, but this way even if the firewall software is breached, they'd hit the dummy computer which has nothing on it and seeing as nothing is shared from your PC, nothing could be breached.
Good luck, ozzbat
ozzbat2@yahoo.com

Let's elaborate,

by ozzbat2 In reply to Double firewalls hey,,,

After reading some of the posts, thought I should elaborate.
Let's assume you are connecting to internet through cable internet. I would have to install a second NIC on the dummy PC (1 for internet connection and one for network). Now make sure that your bindings in the network applet of control panel do not have access to the network for your internet connection. Download and install your firewall software to the dummy computer. So now when you are hacked, if they make it through the software the "dummy computer" is referred to as the firewall because your network should not be visible on the internet through the firewall "dummy" computer.... Good luck on the project!
ozzbat
