Security Basics
2 firewalls protecting internal network May 24 2012 04:45AM
marco cohen (marcocohen2 gmail com) (7 replies)
Re: 2 firewalls protecting internal network May 25 2012 02:48PM
olufemimogaji gmail com
The idea is to separate two networks with differing security requirements.

In some scenarios, this implementation is highly effective. See my explanation:

The perimeter firewall's function is to allow the permitted traffic/hosts from the external network (internet) access to resources in the DMZ. In that case the firewall permits some form of external traffic into the network. This slight loophole can be exploited by hackers to gain access to the DMZ (tunnelling and the like).

However, the inner firewall (2nd firewall), in some scenarios, can be configured NOT to allow any form of traffic past it, except returning traffic initiated by hosts on the inner network. This to a large extent mitigates the risk of tunnelling from the internet or DMZ into the internal network, as suggested by a learned contributor (but I'm open to learning ways this can be circumvented). NAT would traditionally be implemented on this 2nd firewall also, so internal network addresses are hidden. If properly configured, no routing protocols/static routing is required. Therefore, if an attacker who has compromised the DMZ attempts to get past the 2nd firewall, his packets won't get anywhere, as the compromised machine will only try to forward all packets destined to an unknown network to the default gateway (the perimeter firewall, which won't have any information about the networks that reside behind the 2nd one).

It's not foolproof, but it will take some really advanced skills to get past this implementation.

Corrections/suggestions are highly welcome. :)

Kind regards,

Femi M.

CCNP, CCIP, CCNA Sec, Associate (ISC)2

Sent from my BlackBerry® smartphone provided by Airtel Nigeria.

-----Original Message-----

From: marco cohen <marcocohen2 (at) gmail (dot) com [email concealed]>

Sender: listbounce (at) securityfocus (dot) com [email concealed]

Date: Thu, 24 May 2012 01:45:24

To: <security-basics (at) securityfocus (dot) com [email concealed]>

Subject: 2 firewalls protecting internal network

Hi all,

I know that there is a defence-in-depth idea to implement 2 firewalls, each from a different vendor.

What do you think about it? Is it practical?

thanks

marco


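The inner-firewall behaviour Femi describes above (only return traffic for flows that internal hosts opened, NAT hiding internal addresses, and a perimeter that has no route to the internal network) modelled as a small stateful-filter simulation. This is an added example, not code from the original thread; every address, zone name, port and rule in it is constructed for illustration (RFC 5737 documentation ranges for the DMZ and internet side, a private 10.10/16 for the internal network):

```python
"""Toy model of the perimeter + inner firewall design discussed in the thread.

Added example, not code from the original posts. All addresses, zones and
rules are constructed; real firewalls also track protocol, TCP state and
timeouts, which this model leaves out.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed address plan (assumption). Anything not listed is "internet".
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.10.0.0/16"),
}


def zone_of(addr: str) -> str:
    """Classify an address into a zone; unlisted prefixes are the internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass
class StatefulFirewall:
    name: str
    routes: FrozenSet[str]                      # zones this box can reach
    allow_new: FrozenSet[Tuple[str, str, int]]  # (src zone, dst zone, dport) may open a flow
    snat_addr: Optional[str] = None             # rewrite source to this when leaving toward...
    snat_toward: FrozenSet[str] = frozenset()   # ...these zones
    # flow table: post-NAT forward 4-tuple -> (original src, original sport)
    conntrack: Dict[Tuple[str, str, int, int], Tuple[str, int]] = field(default_factory=dict)

    def process(self, pkt: Packet):
        """Return ('ALLOW', packet_as_forwarded) or ('DROP', reason)."""
        src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
        # 1. No route means no delivery, whatever the policy says: the perimeter
        #    never learns the prefixes behind the inner firewall.
        if dst_zone not in self.routes:
            return "DROP", f"{self.name}: no route to {dst_zone}"
        # 2. Return traffic: the reverse 4-tuple must match a tracked flow exactly.
        reverse = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if reverse in self.conntrack:
            orig_src, orig_sport = self.conntrack[reverse]
            # undo SNAT so the reply reaches the real internal host
            return "ALLOW", Packet(pkt.src, orig_src, pkt.sport, orig_sport)
        # 3. New flows only from explicitly permitted zone pairs and ports.
        if (src_zone, dst_zone, pkt.dport) not in self.allow_new:
            return "DROP", f"{self.name}: no rule {src_zone}->{dst_zone}:{pkt.dport}"
        fwd = pkt
        if self.snat_addr and dst_zone in self.snat_toward:
            fwd = Packet(self.snat_addr, pkt.dst, pkt.sport, pkt.dport)
        # Simplification: real NAT also rewrites the source port to avoid collisions.
        self.conntrack[(fwd.src, fwd.dst, fwd.sport, fwd.dport)] = (pkt.src, pkt.sport)
        return "ALLOW", fwd


def build_design():
    """Perimeter admits HTTPS into the DMZ only; inner admits nothing inbound."""
    perimeter = StatefulFirewall(
        name="perimeter",
        routes=frozenset({"internet", "dmz"}),   # knows nothing about "internal"
        allow_new=frozenset({("internet", "dmz", 443)}),
    )
    inner = StatefulFirewall(
        name="inner",
        routes=frozenset({"internet", "dmz", "internal"}),
        allow_new=frozenset({("internal", "dmz", 443), ("internal", "internet", 443)}),
        snat_addr="192.0.2.254",                 # inner firewall's DMZ-side address
        snat_toward=frozenset({"dmz", "internet"}),
    )
    return perimeter, inner


def run_scenarios():
    """Walk the cases from the post and collect each firewall's verdict."""
    perimeter, inner = build_design()
    r = {}
    # a) Internet client reaching the DMZ web server: permitted at the perimeter.
    r["client_to_dmz"] = perimeter.process(Packet("198.51.100.7", "192.0.2.10", 51000, 443))[0]
    # b) Compromised DMZ host aims at an internal file server. Its default gateway
    #    (the perimeter) has no route; the inner box has no dmz->internal rule.
    probe = Packet("192.0.2.10", "10.10.5.20", 40000, 445)
    r["dmz_via_perimeter"] = perimeter.process(probe)
    r["dmz_to_internal"] = inner.process(probe)[0]
    # c) Packet shaped like a reply but with no tracked flow behind it: dropped.
    r["fake_reply"] = inner.process(Packet("192.0.2.10", "10.10.5.20", 443, 40001))[0]
    # d) Internal host opens a flow outward; it leaves carrying the inner
    #    firewall's address, and the genuine reply is translated back.
    verdict, fwd = inner.process(Packet("10.10.5.20", "192.0.2.10", 50000, 443))
    r["internal_out"], r["internal_hidden"] = verdict, fwd.src == "192.0.2.254"
    reply = Packet(fwd.dst, fwd.src, fwd.dport, fwd.sport)
    verdict, back = inner.process(reply)
    r["reply_in"], r["reply_delivered_to"] = verdict, back.dst
    return r


if __name__ == "__main__":
    for case, verdict in run_scenarios().items():
        print(f"{case:20} {verdict}")
```

Running it prints one verdict per scenario: the DMZ-to-internal probe is dropped twice, first for lack of a route at the perimeter and then for lack of a rule at the inner firewall, while the internally initiated flow and its reply pass, with the DMZ server only ever seeing 192.0.2.254. The routing and NAT checks are what the post relies on beyond plain stateful filtering; the main thing the model glosses over, noted in the comment, is source-port rewriting, which real NAT needs when two internal hosts pick the same port.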
RE: 2 firewalls protecting internal network May 24 2012 06:37PM
Dan Lynch (DLynch placer ca gov) (1 replies)
Re: 2 firewalls protecting internal network May 24 2012 06:48PM
Mrs. Y. (networksecurityprincess gmail com)
RE: 2 firewalls protecting internal network May 24 2012 04:50PM
David Gillett (gillettdavid fhda edu)
RE: 2 firewalls protecting internal network May 24 2012 04:25PM
Mike Vella (mike bakerross co uk) (1 replies)
Re: 2 firewalls protecting internal network May 24 2012 04:56PM
Ferreira, Steve G. (sferreira mitre org)
Re: 2 firewalls protecting internal network May 24 2012 04:03PM
RobOEM (rd seclists gmail com)
Re: 2 firewalls protecting internal network May 24 2012 03:42PM
synja synfulvisions com
Re: 2 firewalls protecting internal network May 24 2012 03:36PM
Stephanus J Alex Taidri (securityfocus ae taidri com)
Copyright 2010, SecurityFocus