On Tue, Oct 07, 2003 at 05:04:37PM -0400, Buck wrote:
> IF the network computers are running Windows NT Platform (NT, 2000, XP,
> or future releases) or Linux boxes, then the internal firewalls on each
> computer can be activated and provide an additional firewall on the LAN
> computers. Same is true for the Internet boxes. Close all ports but 80
> or whatever is appropriate.

You bet. And should also have the hosts.access files tuned up as a 2nd-tier "firewall". A true DMZ is only one-way LAN->DMZ with no possibility of any communication the other way. As Rodolfo said, the security of the border firewall box is key here since if the perp can't crack it from the DMZ box, he/she cannot access the LAN.

--
Jack Bowling
mailto: jbinpg@xxxxxxx

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
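
The one-way LAN->DMZ forwarding described in the reply above, as an added example that is not part of the original messages: a ruleset in iptables-restore format for a three-interface border firewall, plus a check that flags any rule letting the DMZ open connections into the LAN. The interface names (eth0, eth1, eth2) and the function names `dmz_ruleset` and `audit_dmz` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface names are assumptions: eth0=Internet, eth1=LAN, eth2=DMZ.
# LAN-to-Internet forwarding and NAT are left out to keep the focus on the DMZ.

dmz_ruleset() {   # usage: dmz_ruleset WAN_IF LAN_IF DMZ_IF  (prints iptables-restore input)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections the LAN opened may come back from the DMZ.
-A FORWARD -i $3 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open new connections into the DMZ.
-A FORWARD -i $2 -o $3 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# The Internet reaches only port 80 on the DMZ (the port named in the quoted post).
-A FORWARD -i $1 -o $3 -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i $3 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything else from the DMZ toward the LAN is logged, then falls to policy DROP.
-A FORWARD -i $3 -o $2 -j LOG --log-prefix "DMZ-to-LAN: "
COMMIT
EOF
}

audit_dmz() {     # usage: audit_dmz LAN_IF DMZ_IF < ruleset ; exit status 1 on a violation
    awk -v lan="$1" -v dmz="$2" '
        # A default-accept FORWARD policy defeats the one-way design outright.
        $1 == ":FORWARD" && $2 != "DROP" { print "VIOLATION: " $0; bad = 1 }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = out_if = target = states = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--ctstate" || $i == "--state") states = $(i + 1)
            }
            # Flag ACCEPT rules that cover DMZ->LAN and are not limited to reply traffic.
            if (target == "ACCEPT" && (in_if == "" || in_if == dmz) &&
                (out_if == "" || out_if == lan) && (states == "" || states ~ /NEW/)) {
                print "VIOLATION: " $0; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

dmz_ruleset eth0 eth1 eth2 | audit_dmz eth1 eth2 && echo "DMZ cannot open connections to the LAN"
```

The audit reads plain `-i`/`-o` matches only; negated interface matches (`! -i`) are not interpreted.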