------=_Part_40510_22037608.1130350159209
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

So basically he's saying that he's safer now because of the "DMZ" created b=
y
the L3 Switches???? with 3 layers of application servers running in VIRTUAL
OS's????
I'd say the safest method is the one that best suits your needs, not only
from the security point of view, but TCO, ROI, manageability...etc.
What I agree on is the fact that, security must be covered from INSIDE-OUT=
..
Julian Dragut
Secure the LAN first
On 10/17/05, Pedski wrote:
>
> James Paterson wrote:
>
> >http://www.securitypipeline.com/165700439
> >
> >Be interesting to get the communities take on this article.
> >
> >_______________________________________________
> >firewall-wizards mailing list
> >firewall-wizards@honor.icsalabs.com
> >http://honor.icsalabs.com/mailman/li...rewall-wizards
> >
> >
> >

> This is a model that has holes...
> router acl are not statefull.
> they seem to have some secutiy by means of DMZ
> the managemnt overhead of this is high..sometimes is not that easy
> deploying patches if the vulnerabilty came in the night...meaning if you
> are blocking everything with a firewall you bought yourself some
> time....in this case they are open ...the term raise their immunity to
> exists in hashers condition sounds really nice...but often attacks or
> worms come like a thief in the night......
>
> there is something flawed with this architecture.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/li...rewall-wizards
>


------=_Part_40510_22037608.1130350159209
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

So basically he's saying that he's safer now because of the "DMZ&=
quot; created by the L3 Switches???? with 3 layers of application servers r=
unning in VIRTUAL OS's????

 

I'd say the safest method is the one that best suits your needs, =
not only from the security point of view, but TCO, ROI, manageability...etc=
..
 

What I agree on is the fact that, security must be covered from INSIDE=
-OUT.

 

 

Julian Dragut

Secure the LAN first

 

 

 

 

On 10/17/05,
>Pedski
<edski@optonline.net">pedski@optonline.ne=
t
> wrote:

px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">James Paterson wrote:

&gt=
;http://www.securityp=
ipeline.com/165700439

>
>Be interesting to get the communities take on this arti=
cle.
>
>_______________________________________________
>=
firewall-wizards mailing list
> or.icsalabs.com">
firewall-wizards@honor.icsalabs.com
> labs.com/mailman/listinfo/firewall-wizards">http://honor.icsalabs.com/mailm=
an/listinfo/firewall-wizards
>
>
>
This is a model=
that has holes...

router acl are not statefull.
they seem to have some secutiy by mean=
s of DMZ
the managemnt overhead of this is high..sometimes is not that e=
asy
deploying patches if the vulnerabilty came in the night...meaning if=
you

are blocking everything with a firewall you bought yourself some
tim=
e....in this case they are open ...the term raise their immunity to
exis=
ts in hashers condition sounds really nice...but often attacks or
worms =
come like a thief in the night......


there is something flawed with this architecture.
______________=
_________________________________
firewall-wizards mailing list
ef=3D"mailto:firewall-wizards@honor.icsalabs.com">firewall-wizards@honor.ic=
salabs.com

rds">http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
lockquote>



------=_Part_40510_22037608.1130350159209--
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards