RE: DMZ implementation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Paulo, are you perhaps from Portugal...???

Paulo Andre



-----Original Message-----
From: Paulo Abrantes [mailto:pcma@mega.ist.utl.pt] 
Sent: Wednesday, November 20, 2002 2:17 AM
To: security-discuss@linuxsecurity.com
Subject: DMZ implementation


Hello all,

I have a small home LAN, about 7 computers, and finally
I'm getting ADSL installed. Since I'm thinking in providing services, such
as ssh and http, I'm considering to implement a DMZ. So I can leave those
services in the DMZ, and leave my private LAN alone. What I have in mind is
something like:

Internet <- eth0 -> Gateway with NAT <- eth1 -> Switch for LAN 
                                     <- eth2 -> DMZ 

My question is, if it is secure to get my gateway double legged, as shown.
Or, should I get a 1st gateway that would NAT my DMZ and inside my DMZ,
would just have another gateway that would provide NAT for my private LAN.
This one seems more secure, since, if I get my 1st gateway 
cracked the attacker still has to discover and beat the 2nd one. Though, I
do not see anymore advantages...

Some thoughts and ideas on how should I really implement would be nice.

Thanks,

P. Abrantes
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux