It sounds way too complex..he still has the network, its just in a
virtual OS, but now he has the added layer of the virtual OS.

sai

On 10/26/05, Julian M D wrote:
> So basically he's saying that he's safer now because of the "DMZ" created
> by
> the L3 Switches???? with 3 layers of application servers running in VIRTU=

AL
> OS's????
> I'd say the safest method is the one that best suits your needs, not onl=

y
> from the security point of view, but TCO, ROI, manageability...etc.
> What I agree on is the fact that, security must be covered from
> INSIDE-OUT.
> Julian Dragut
> Secure the LAN first
> On 10/17/05, Pedski wrote:
> >
> > James Paterson wrote:
> >
> > >http://www.securitypipeline.com/165700439
> > >
> > >Be interesting to get the communities take on this article.
> > >
> > >_______________________________________________
> > >firewall-wizards mailing list
> > >firewall-wizards@honor.icsalabs.com
> > >http://honor.icsalabs.com/mailman/li...rewall-wizards
> > >
> > >
> > >

> > This is a model that has holes...
> > router acl are not statefull.
> > they seem to have some secutiy by means of DMZ
> > the managemnt overhead of this is high..sometimes is not that easy
> > deploying patches if the vulnerabilty came in the night...meaning if yo=

u
> > are blocking everything with a firewall you bought yourself some
> > time....in this case they are open ...the term raise their immunity to
> > exists in hashers condition sounds really nice...but often attacks or
> > worms come like a thief in the night......
> >
> > there is something flawed with this architecture.
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@honor.icsalabs.com
> > http://honor.icsalabs.com/mailman/li...rewall-wizards
> >

>
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards