On Wed, 4 Oct 2000, Bill Carlson wrote:
> I've run a two firewall setup, it was no more troublesome than a single
> setup. The advantage is that an attacker would have to crack two boxes to
> get to the private LAN as opposed to one. In this case it would be three!
For most protocols, two firewalls won't present more trouble, but if you
have to use a specific masq module, or autofw, it might be
troublesome. (Like I said, it's the weird ones.)
As for cracking two rather than three... A firewall should run NO services
if you can get away with it, and at most ssh. You probably wouldn't want
it to accept connections from the outside.
So, in the most lax security state, you're running ssh and accepting
connections from the internet at large. Your break-in scenario, then, is
that someone finds an exploit for ssh. It will be no more difficult to
crack the second firewall than it was the first. You haven't really
gained much from the additional firewall.
Either save the cost of the second firewall, or spend it on a test
workstation and use it to test and experiment with different firewall
software ;)
MSG
_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list