Sorry, my bad, I meant Sygate.. Too much code work..
Cheers
Phantom: Both are Windows firewalls. We're talking Linux firewalls here ;-)
A relatively inexpensive firewall arch. that I like is the 'screened subnet'. Essentially you are doing stateful
packet-filtering on the exterior router, have a DMZ made up of bastion hosts configured in an ultra-paranoid
manner, and an interior stateful packet-filtering screening router to your intranet. It is also handy to place a
NIDS host between your ISP and the exterior router; this can be tricky to get right (so it is effectively transparent)
but worth the effort once in place.
Code:
     { VOID }
        |
        |
     [ NIDS ]
        |
        |
  [ Ext. Router ]
        |
        |
     < SW0 >____________[ Host0 ]________[ Host1 ]_________[ Host2] (DMZnet)
        |
        |
  [ Int. Router ]
        |
        |_____________(Internal Network)

I like to make the hosts on the DMZ triple homed, each interface on its own network with one net for external
traffic, another for Host-to-Host communication and backups, and the third for Admin.
It is also not a bad idea to proxy all your client traffic on the internal network; this allows for having one very
heavily secured host doing all the communication on behalf of your clients, and can reduce a lot of the risk.
-- spurious
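
An added example, not part of the post above: one way the interior screening router in that diagram could be expressed as an nftables ruleset on a Linux box. The interface names, address ranges, the choice of Host0 as the client proxy and the proxy port are all assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Interior screening router for a screened subnet (constructed example).
# Every name and address below is an assumption, not taken from the thread.
flush ruleset

define dmz_if     = "eth0"        # side facing SW0 / DMZnet
define lan_if     = "eth1"        # side facing the internal network
define lan_net    = 10.0.0.0/24   # assumed internal address range
define proxy      = 192.0.2.10    # assumed: Host0 is the client proxy
define proxy_port = 3128          # assumed proxy listener port

table inet interior {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Anti-spoofing: internal source addresses must never arrive
        # on the DMZ-facing interface.
        iifname $dmz_if ip saddr $lan_net log prefix "int-rtr spoof: " drop

        # Stateful filtering: only replies to flows that were allowed
        # out are let back in.
        ct state invalid drop
        ct state established,related accept

        # Clients may open new connections to the proxy bastion host only.
        iifname $lan_if oifname $dmz_if ip saddr $lan_net ip daddr $proxy tcp dport $proxy_port ct state new accept

        # A bastion host never initiates a connection into the intranet,
        # so a compromised DMZ host gains no path inward. Log the attempt.
        iifname $dmz_if oifname $lan_if ct state new log prefix "int-rtr dmz-to-lan: " drop
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # The router itself accepts nothing new on its data interfaces;
        # manage it from the console or a separate admin network.
        iifname "lo" accept
        ct state established,related accept
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it; the logged drops on the DMZ-facing interface are the entries worth alerting on, since nothing in the DMZ should be opening connections inward.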