-
April 24th, 2005, 11:00 AM
#1
Senior Member
Hardware firewall advice
Hello everyone, I have a question for you.
Here is my situation: I have a network with 2 internet connections, behind 2 routers. I have other routers that connect to another 2 systems (private network).
What I'm looking for is a hardware firewall, so that the 2 internet connections could be more secure.
What I'm thinking is: a SonicWall Pro 5060 (or CheckPoint) --> (maybe a sniffer) --> Proxy --> Network, and a Linux firewall on one of the private systems, because one of them has its own internet connection, so if an attacker wants to get access, he could attack from there, because that connection is impossible to pass through the hardware firewall.
I would like your expert opinion about the firewall, and about the implementation of this security.
Thanks all for your help.
-
April 24th, 2005, 11:46 AM
#2
As long as a node has its own connection, any firewalling beyond that will be pointless. Anyone looking for a way into your network *will* eventually figure out that you've got a backdoor. Don't count on people just not finding it. The main connections might see more scans and skiddie attacks, but they're easy enough to block anyway. Any determined attack will find a way through the back door and therefore around your shiny new hardware firewall.
There's no point putting security in place on the main connections that you can't match on the backdoor connection. Like not locking the back door so your kids can get in the house if they lose their keys. A determined burglar ain't gonna give up when the front door is locked.
And why in the hell are you worrying about securing a network without closing the backdoors first? Just wondering here...
Either eliminate the backdoor, or give it security just as good as the main connections.
But hey, that's just my 2 cents...
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
-
April 24th, 2005, 12:31 PM
#3
Senior Member
Maybe I didn't explain correctly.
1st network:
Firewall (SonicWall) --> (maybe Sniffer) --> Proxy --> Network
2nd network:
Firewall (Linux firewall) --> Router (with firewall) ---> Router (with firewall) ---> Main Network (1st network)
This is why I'm asking your opinion: whether the hardware firewall is well chosen, and whether this security implementation is well defined, or I should change something.
It is not yet confirmed, but the other solution is a direct optical cable from the 1st network to the 2nd network, but due to the high costs I'm not sure that will be possible, so I'm trying to make an implementation plan, just in case.
If they buy the optical, everything will go through the hardware firewall and proxy.
-
April 24th, 2005, 01:05 PM
#4
I for one don't understand the network.
Perhaps it might be better to describe what exists now, then what you envision.
Are there two separate locations? Is there a defined DMZ? Are there web servers?
As Striek said,
Either eliminate the backdoor, or give it security just as good as the main connections.
By the way, why do you consider the hardware firewall different from the Linux firewall?
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
April 25th, 2005, 02:03 AM
#5
Senior Member
I'm sorry I didn't explain correctly.
I have 2 different networks that are connected by 2 routers (a router in each network).
The first network, let's call it X, has 2 kinds of internet access, and has a mail server, data server, and workstations, plus a database server.
The other network, let's call it Y, has 1 kind of internet access, a database server, and workstations.
What I was thinking is, in network X put a --> Firewall --> Maybe Sniffer --> Proxy ---> Local Network
On the Y network: Linux Firewall ---> Workstations
I hope this time I explained correctly.
Thanks for the replies.
-
April 25th, 2005, 09:13 AM
#6
How about (I hope this comes out right) :
Code:
[internet1]--->----\
                   [router]----[firewall]----[router]--------[main network]
[internet2]--->----/               |    \----------[other network]
                                   |
                                   \-----[DMZ]---[mail, web, proxy]
Oliver's Law:
Experience is something you don't get until just after you need it.
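The weakest-link argument in post #2 and the consolidated layout in post #6 can be checked mechanically rather than by eye. The block below is an added example, not code from the thread or from any product mentioned in it: a small Python model of three layouts (post #6's single-firewall design, the original situation where network Y keeps its own uplink into the main network, and that situation with a Linux firewall inserted on the extra uplink) that enumerates every loop-free path from an internet entry point into each internal segment and reports the paths that cross no filtering node. Node names (router_a, linux_fw, other_net, and so on) and the link lists are constructed for illustration and stand in for whatever the poster's real routers are.

```python
"""Reachability check for the firewall layouts discussed in the thread.

Added example, not part of the original posts. Node names and the three
topologies are constructed to mirror the diagrams in the thread.
"""
from typing import Dict, Iterable, List, Sequence, Set, Tuple

Link = Tuple[str, str]
Path = Tuple[str, ...]

# Consolidated layout from post #6: both uplinks terminate behind one firewall,
# and the firewall fronts the main network, the other network and the DMZ.
LINKS_CONSOLIDATED: List[Link] = [
    ("internet1", "router_a"), ("internet2", "router_a"),
    ("router_a", "firewall"),
    ("firewall", "router_b"), ("router_b", "main_net"),
    ("firewall", "other_net"),
    ("firewall", "dmz"),
]

# Original situation (posts #1 and #5): the other network has its own internet
# connection and is joined to the main network by routers that do not filter.
LINKS_WITH_BACKDOOR: List[Link] = LINKS_CONSOLIDATED + [
    ("internet3", "other_net"),
    ("other_net", "main_net"),
]

# Same situation with a Linux firewall inserted on the extra uplink.
LINKS_REMEDIATED: List[Link] = [
    (a, b) for a, b in LINKS_WITH_BACKDOOR if (a, b) != ("internet3", "other_net")
] + [("internet3", "linux_fw"), ("linux_fw", "other_net")]

ENTRY_POINTS: Sequence[str] = ("internet1", "internet2", "internet3")


def adjacency(links: Iterable[Link]) -> Dict[str, Set[str]]:
    """Undirected adjacency map; every link carries traffic both ways."""
    adj: Dict[str, Set[str]] = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def simple_paths(links: Iterable[Link], source: str, target: str) -> List[Path]:
    """All loop-free paths from source to target (depth-first over the links)."""
    adj = adjacency(links)
    found: List[Path] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target:
            found.append(tuple(path))
            return
        for nxt in sorted(adj.get(node, ())):
            if nxt not in path:
                walk(nxt, path + [nxt])

    if source in adj:  # an entry point absent from this layout has no paths
        walk(source, [source])
    return found


def unfiltered_paths(links: Iterable[Link], entry_points: Sequence[str],
                     target: str, filters: Set[str]) -> List[Path]:
    """Paths from any entry point to target that cross no filtering node.

    Every path returned is a route into `target` that no firewall ever sees:
    the "back door" post #2 warns about.
    """
    bad: List[Path] = []
    for src in entry_points:
        for path in simple_paths(links, src, target):
            if not any(node in filters for node in path):
                bad.append(path)
    return bad


def exposed_hosts(links: Iterable[Link], entry_points: Sequence[str],
                  hosts: Sequence[str], filters: Set[str]) -> Dict[str, List[Path]]:
    """Map each internal segment to its unfiltered paths (empty list = covered)."""
    return {h: unfiltered_paths(links, entry_points, h, filters) for h in hosts}


if __name__ == "__main__":
    segments = ("main_net", "other_net", "dmz")
    for name, links, filters in (
        ("consolidated (post #6)", LINKS_CONSOLIDATED, {"firewall"}),
        ("with backdoor (posts #1/#5)", LINKS_WITH_BACKDOOR, {"firewall"}),
        ("remediated", LINKS_REMEDIATED, {"firewall", "linux_fw"}),
    ):
        print(name)
        for seg, paths in exposed_hosts(links, ENTRY_POINTS, segments, filters).items():
            print(f"  {seg}: {'covered' if not paths else paths}")
```

In the backdoor layout the check reports the path internet3 -> other_net -> main_net, which reaches the main network without touching the SonicWall; once a filtering node sits on the third uplink, every path into every segment crosses a firewall. The model says nothing about how strict each firewall's rules are, only whether a path avoids filtering altogether, which is the first thing to settle before comparing products.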