Code: |
INTERNET | Router/firewall | | LAN DMZ | | | PC PC PC 1 2 3 |
Bhodi wrote: |
Is traffic coming from one of the boxes in the DMZ handled the same as traffic coming from the internet? I mean, is traffic from a compromised box in the DMZ zone more dangerous for the 'safe' part of the network than traffic coming from the internet?
|
Aflack wrote: |
Would it be too much trouble if you point me to or draw out this layout of the DMZ security settings? It would be a lot easier if I could picture what was being mentioned above. |
danielrm26 wrote: |
This is a "sandwich" DMZ -- the one that I prefer, and the one that offers more security than the "multi-NIC" approach. |
Sgt_B wrote: |
Could you explain how that DMZ topology offers "more security"? The multi-nic approach would be based on the same rulesets as the two firewall DMZ. So the same rules would be applied...just on different firewalls.
The only aspect where this would provide more security (to me anyway) would be if a firewall itself was compromised. |
Bhodi wrote: |
Well, my router basically just does that, it functions as a firewall and a hub together. I can set one pc up as DMZ. |
danielrm26 wrote: |
All that is is a default host for the NAT functionality of your router, and it's generally not a good idea to use if you need real security. |