General discussion
September 15, 1999 at 3:30 am #2080349
Layer your exterior with multiple firewa
Locked · by ssloan · about 25 years, 9 months ago
I am wondering what the pros and cons are with keyholing multiple firewalls from different vendors to protect my internal network.
Scott
All Comments
September 28, 1999 at 2:37 am #3901099
Layer your exterior with multiple firewa
by mottco · about 25 years, 8 months ago
In reply to Layer your exterior with multiple firewa
I suppose you already have an idea on a potential benefit of multiple firewalls, in that the weakness of one might be the strength of another, but mgmt issues and latency, not to mention cost, would be downsides. As well, if you’re using any type of cachemgr, there’s more cost and add’l latency. What I’ve done in the past was to use a “black box” solution, Cisco’s PIX Firewall (wire-speed, hardened OS) with an external router to that firewall programmed for front-end protection. If you can hack past the router, you certainly won’t get through the PIX. A benefit here, as mentioned, is wire-speed throughput, ease in mgmt, and low cost. Feel free to e-mail me if you have any questions. I hope this helps!
-
September 20, 2000 at 7:01 pm #3793452
Layer your exterior with multiple firewa
by ssloan · about 24 years, 9 months ago
In reply to Layer your exterior with multiple firewa
The question was auto-closed by TechRepublic
-
-
October 6, 1999 at 4:18 am #3901025
Layer your exterior with multiple firewa
by bcastagn · about 25 years, 8 months ago
In reply to Layer your exterior with multiple firewa
I agree with Mottco, that it would be expensive, but there are other things that you can do to supplement your security. There are Intrusion Detection Systems, like RealSecure from ISS.net. These will work in conjunction with your firewall.
So a good scenario is a boundary router, with specific ACLs limiting access to your network (best place for spoof protection), a firewall (hardened OS), with an Intrusion Detection System, then a choke router that limits traffic again internally into your network.
You should then get good scanner software (SATAN, Internet Security Scanner, etc.) and see if you can break into your network.
-
-
October 8, 1999 at 12:19 am #3900996
Layer your exterior with multiple firewa
by lwwagner · about 25 years, 8 months ago
In reply to Layer your exterior with multiple firewa
Hi Scott. I tried to answer this about a week ago but got an error when submitting it. I’ll give it another shot.
The main disadvantages to using a multi-vendor solution are cost and complexity. If this is something your organization would support themselves, then additional training and support requirements would be necessary. I believe one has to ask what they are trying to protect, what the value is, what the risks are, and what their budget is. A multi-vendor solution will make entry much more difficult and discourage the “script kiddies” and such, but if your organization is a target of a group or individual that really, really wants something, they may very well have the resources to breach even a multi-layered approach. What do you have to protect? How valuable is it? What are the consequences if security is compromised? What talents and resources are available to you? What are you really trying to protect against?
Hope this helps!
Loren Wagner
-
-
November 20, 1999 at 5:32 pm #3902030
Layer your exterior with multiple firewa
by stevev · about 25 years, 7 months ago
In reply to Layer your exterior with multiple firewa
Scott,
Your best bet is to use a router in front and behind the firewall. The router in front can be used with access lists to screen off some of the ports you will not need for any incoming connections.
But the most important action you can take is to audit your firewall after you have installed and configured it. Run a portscanner against it and make sure you are not leaving any ports open that you don’t need.
Steve
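The audit described in the post above, as an added example that is not part of the original post: a TCP connect check against a firewall you administer, diffed against the ports the policy is supposed to permit. The function names, the allowlist and the loopback listeners in `demo()` are constructed for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

def is_open(host, port, timeout=0.5):
    """TCP connect check: True only if the three-way handshake completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def audit(host, ports, allowed, timeout=0.5):
    """Diff the ports that answer on `host` against the policy allowlist."""
    ports, allowed = sorted(set(ports)), set(allowed)
    with ThreadPoolExecutor(max_workers=32) as pool:
        answers = list(pool.map(lambda p: is_open(host, p, timeout), ports))
    open_ports = {p for p, ok in zip(ports, answers) if ok}
    closed_ports = set(ports) - open_ports
    return {
        "open": sorted(open_ports),
        "unexpected": sorted(open_ports - allowed),  # reachable, not in policy
        "missing": sorted(closed_ports & allowed),   # in policy, not reachable
    }

def demo():
    """Constructed stand-in for a firewall: two loopback listeners, one closed port."""
    listeners = []
    for _ in range(2):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
        s.listen(5)
        listeners.append(s)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed = spare.getsockname()[1]
    spare.close()                  # nothing listens on this port any more
    wanted, stray = (s.getsockname()[1] for s in listeners)
    try:
        # Policy says `wanted` and `closed` should be reachable; `stray` should not.
        report = audit("127.0.0.1", [wanted, stray, closed], allowed=[wanted, closed])
        return report, wanted, stray, closed
    finally:
        for s in listeners:
            s.close()

if __name__ == "__main__":
    report, *_ = demo()
    for key, value in report.items():
        print(f"{key:>10}: {value}")
```

A connect check covers TCP only, and a port that is silently dropped is reported the same as a closed one, so run it from outside the firewall after every rule change and treat any `unexpected` entry as a finding.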
-
-
January 15, 2000 at 10:42 am #3903019
Layer your exterior with multiple firewa
by ddavid · about 25 years, 5 months ago
In reply to Layer your exterior with multiple firewa
Using a multi-vendor firewall solution sounds like a good concept but maintaining such a configuration could really get messy.
As the group has pointed out, a hardened router in front of a firewall is a great idea. Ease of configuration and level of security provided are in a good proportion.
With that said my suggestion is this:
1. Harden your outside router to offer some protection and knock out the unneeded ports immediately.
2. Place an additional packet filtering machine behind the outside router to offer additional protection. Behind this firewall place your publicly available internet resources. This area is commonly referred to as a DMZ.
3. Place a proxy firewall next and build your corporate or private network here. This allows for a single entry point for TCP / Internet based attacks and also allows for better management of users internally. IPs from the private network block can be used here behind the proxy server.
There are literally hundreds of manufacturers of firewa
-
-
March 23, 2000 at 7:48 pm #3901610
Layer your exterior with multiple firewa
by william.ho · about 25 years, 3 months ago
In reply to Layer your exterior with multiple firewa
Hi,
The Pros would be:
– Each vendor’s firewall has its strength in a particular aspect of protection. You can capitalise on this and deploy according to the product strength.
Cons:
– You need at least 2 or more people to administrate the multiple firewalls. Although each firewall may be using the same concept of protection, the administrating may be entirely different.
Best regards
William
-
-
September 20, 2000 at 7:01 pm #3793451
Layer your exterior with multiple firewa
by ssloan · about 24 years, 9 months ago
In reply to Layer your exterior with multiple firewa
This question was auto closed due to inactivity