I want a Firewall with 8 Network Adapter Card, anybody have a same or
"close" topoplogy ?
Please, reply to guil...@graphus.com.br
Thanks.
> Date: Tue, 12 Aug 1997 13:16:55 -0200
> From: Guilherme S Cantisano <guil...@graphus.com.br>
> I want a Firewall with 8 Network Adapter Card, anybody have a same or
> "close" topoplogy ?
Before best advice can be offered I'd suggest you think of a few wider
issues. Here are a few for starters:
With 8 NIC's, which are friendly and which are hostile (what policies
apply to each network) ?
Which services need to pass between which networks
With the level of services and policies, are all of them really seperate
networks ?
What bandwidth must be handled ?
Just how secure should it be (how important is it that nobody from one
network gets to another)?
Why are you sure it should be one box and not a number of boxes ?
Perhaps some of the networks needs another layer (or more) to protect
them.
How will you test the rules once your set it up ?
More interesting, how will you test the rules when they've been changed ?
What will you be logging, where too and what will you do with it ?
How will you you recognise unwelcome activity and what will you do ?
......
I'm sure many more questions can be added. The point I'm making is that
you need to focus on the real requirements (or perhaps I should say the
real need) before you look for the solution.
It's not hard to buy a box with 8 NIC's, or more, and quite a few
firewalls allow you to build a rule base to support this. The tricky bit
is getting the architecture and the rules right and knowing is is *really*
right and keeping it that way ;-)
For example, I've recently been testing FW-1 on a Sun box with 13 NIC's
and with the right rules it's no less (or more) secure than FW-1 with 2
NIC's.
However, before you decide this is right for you give a good look at
the whole subject and then look for hardware, software appropriate
management solutions.
Good luck,
Dave
--
Dave Whitlow
EMail: dwhi...@wend.dircon.co.uk
Web: http://www.idsec.co.uk