February 13th, 2002, 04:47 PM
Defense in Depth
Let's see how people are handling this challenge.
All comments welcome on how you did it or plan to.
February 13th, 2002, 06:13 PM
Well... let's see... I have designed and worked in so many different environments, I don't know where to start. I guess I will list a typical scenario from the Internet looking in:
*Cisco 7500 series routers running HSRP with basic ACLs
*Some type of content switches
*Redundant Checkpoint firewall pair
*Cisco 6506 or 6509 switches at layer 3 with VLANs and ACLs
*Proxy servers (Cacheflow or Netscape)
*Network IDS sensors (usually Snort)
*Web and application servers w/HIDS agents
*Additional Checkpoint firewall failover pair
*Additional NIDS sensors
*HIDS agents on critical servers
I know this is very vague...but it would take me about 2 weeks to explain in detail. Not to mention about 100 pages that nobody would want to read....
February 13th, 2002, 06:43 PM
No actually it's not vague - I'm with you on all of it.
On the dmz part how did you solve the session deaths? Local dirs, sticky, cluster?
February 13th, 2002, 06:44 PM
Oh, and did you use Stonebeat or something like that for your ckp failover?
February 13th, 2002, 08:28 PM
For active session failover, I have used Stonebeat... yes. I have also tried Nokia's VRRP, and now we are using Cisco Arrowpoint content switches to do the job.
February 13th, 2002, 11:31 PM
Not used, but seen the Nokia at the vendor. Seems OK. That content switch sounds like it works on the same principle as local directors/mgmt switches. I haven't used content switches, but it sounds good.
Sounds like you've got a lot to contribute to this forum iNViCTuS. Well done.