Multi-firewall defense in depth
I have a simple question regarding firewall deployment in a defense-in-depth strategy.
I want to install multiple firewalls on my network. I want to know whether all the firewalls placed on different segments of the network should be "all configured in fail close fashion". In this case, would this create a single point of failure if all the devices were to fail at one time? Would it make your network inaccessible to the rest of the network?
Secondly, the other concern with using multiple layers of firewalls is the duplication of policies. In my experience, even working with two or more firewalls in one environment is enough to create a management nightmare. Is duplication an option which should be considered a best-practice approach, or when you have a consistent hardware environment (Juniper, Juniper, PIX, PIX, etc.)?
With duplication you eliminate the uncertainty of speculating or assuming that a firewall at a different layer would have a certain policy to block a certain service/port when in actuality it's quite the opposite and the service is not being stopped or disallowed by the firewall. Duplication would solve the problem, but then, as I said, it again has to do with interoperability, among other issues. Can someone please comment on the scenario?
Thank you.
Last edited by latin; Oct 5th, 2009 at 7:45 am.
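The uncertainty raised in the post, that one layer is assumed to block a service which another layer in fact lets through, can be checked mechanically instead of by duplicating every policy. The following is an added example, not part of the original post: it assumes each firewall's rules have been exported into a vendor-neutral first-match list that matches on protocol and destination port only, and the names `Rule`, `decide`, `audit` and both sample policies are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports the rule covers

def decide(rules, proto, port, default="deny"):
    """First-match evaluation; unmatched traffic gets the default action."""
    for rule in rules:
        if rule.proto in (proto, "any") and port in rule.ports:
            return rule.action
    return default

def audit(layers, must_block):
    """For each service, list the layers that really deny it and grade the result."""
    report = {}
    for name, (proto, port) in must_block.items():
        blockers = [layer for layer, rules in layers.items()
                    if decide(rules, proto, port) == "deny"]
        if not blockers:
            status = "EXPOSED"   # every layer assumed another one blocks it
        elif len(blockers) < len(layers):
            status = "PARTIAL"   # one rule change away from exposure
        else:
            status = "LAYERED"   # blocked independently at every layer
        report[name] = (status, blockers)
    return report

# Constructed sample policies, normalized from two hypothetical devices.
ANY_PORT = range(0, 65536)
LAYERS = {
    "perimeter": [Rule("allow", "tcp", range(20, 26)),   # legacy rule left in place
                  Rule("allow", "tcp", range(443, 444)),
                  Rule("deny", "any", ANY_PORT)],
    "internal":  [Rule("allow", "tcp", range(1, 1025)),  # overly broad allow
                  Rule("deny", "any", ANY_PORT)],
}
MUST_BLOCK = {"telnet": ("tcp", 23), "smb": ("tcp", 445), "tftp": ("udp", 69)}

if __name__ == "__main__":
    for service, (status, blockers) in audit(LAYERS, MUST_BLOCK).items():
        print(f"{service:7} {status:8} denied by: {', '.join(blockers) or 'none'}")
```

Only the services graded EXPOSED or PARTIAL need a rule added at another layer, which keeps deliberate duplication limited to the policies that matter.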





