8 Networks

Guilherme S Cantisano

Aug 12, 1997

I want a firewall with 8 network adapter cards. Does anybody have the same or
a "close" topology?

Please, reply to guil...@graphus.com.br

Thanks.

Dave Whitlow

Aug 14, 1997

On Tue, 12 Aug 1997, Guilherme S Cantisano wrote:

> Date: Tue, 12 Aug 1997 13:16:55 -0200
> From: Guilherme S Cantisano <guil...@graphus.com.br>

> I want a firewall with 8 network adapter cards. Does anybody have the same or
> a "close" topology?

Before best advice can be offered I'd suggest you think of a few wider
issues. Here are a few for starters:

With 8 NICs, which are friendly and which are hostile (what policies
apply to each network)?

Which services need to pass between which networks?

With the level of services and policies, are all of them really separate
networks?

What bandwidth must be handled?

Just how secure should it be (how important is it that nobody from one
network gets to another)?

Why are you sure it should be one box and not a number of boxes?

Perhaps some of the networks need another layer (or more) to protect
them.

How will you test the rules once you set it up?

More interesting, how will you test the rules when they've been changed?

What will you be logging, where to and what will you do with it?

How will you recognise unwelcome activity and what will you do?

......


I'm sure many more questions can be added. The point I'm making is that
you need to focus on the real requirements (or perhaps I should say the
real need) before you look for the solution.

It's not hard to buy a box with 8 NICs, or more, and quite a few
firewalls allow you to build a rule base to support this. The tricky bit
is getting the architecture and the rules right and knowing it is *really*
right and keeping it that way ;-)

For example, I've recently been testing FW-1 on a Sun box with 13 NICs
and with the right rules it's no less (or more) secure than FW-1 with 2
NICs.

However, before you decide this is right for you give a good look at
the whole subject and then look for hardware, software and appropriate
management solutions.

Good luck,

Dave
--
Dave Whitlow
EMail: dwhi...@wend.dircon.co.uk
Web: http://www.idsec.co.uk
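
One way to approach the two rule-testing questions in the reply above, as an added example that is not part of the original thread: write the required flows down as a matrix, then check every zone pair and service against the rule base each time it changes. The zone names, services, rules and the first-match rule model are all constructed assumptions, not any product's format.

```python
from itertools import product

# Constructed zones/services for a few of the networks; not from the thread.
ZONES = ["internet", "dmz", "lan", "finance"]
SERVICES = ["smtp", "http", "sql"]

# Written-down requirement: the only flows that may pass. All else is dropped.
INTENDED = {
    ("internet", "dmz", "smtp"), ("internet", "dmz", "http"),
    ("lan", "internet", "http"), ("lan", "dmz", "smtp"),
    ("dmz", "lan", "smtp"), ("lan", "finance", "sql"),
}

# Assumed rule model: ordered list, first match wins, "any" is a wildcard,
# and a flow that matches nothing is dropped.
RULES = [
    ("lan", "finance", "sql", "accept"),
    ("any", "finance", "any", "drop"),
    ("internet", "dmz", "smtp", "accept"),
    ("internet", "dmz", "http", "accept"),
    ("lan", "internet", "http", "accept"),
    ("lan", "dmz", "smtp", "accept"),
    ("dmz", "lan", "smtp", "accept"),
]

def decide(rules, src, dst, svc):
    # Action of the first rule that matches this flow.
    for r_src, r_dst, r_svc, action in rules:
        if r_src in (src, "any") and r_dst in (dst, "any") and r_svc in (svc, "any"):
            return action
    return "drop"

def audit(rules, intended):
    # Every zone pair and service, compared with the requirement.
    findings = []
    for src, dst, svc in product(ZONES, ZONES, SERVICES):
        if src == dst:
            continue  # traffic inside one network never crosses the firewall
        want = "accept" if (src, dst, svc) in intended else "drop"
        got = decide(rules, src, dst, svc)
        if got != want:
            findings.append((src, dst, svc, want, got))
    return findings

# Constructed change: the DMZ relay must now send mail out, and the new rule
# was written too broadly and placed above the finance drop rule.
NEW_INTENDED = INTENDED | {("dmz", "internet", "smtp")}
NEW_RULES = [("dmz", "any", "smtp", "accept")] + RULES

if __name__ == "__main__":
    print(audit(RULES, INTENDED), audit(NEW_RULES, NEW_INTENDED))
```

The baseline rule base audits clean; after the change the audit reports that SMTP from the DMZ to the finance network is now accepted although the requirement says drop.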
