The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Shuttle & via epia... now firewalls



Andy wrote:

!!! ITYF it was something along the lines of....

!!! Internet > firewall > web server > firewall > back end server > firewall > LAN

Yup! That's the way to do it in a simple commercial web site. (See below

However, a bit over the top for even my home LAN :-)

My home LAN is protected by a single firewall. I would not, under any circumstances, store data on that firewall. Not because I am worried about that data being lost if the firewall were compromised, but because the act of enabling "data sharing" irrevocably compromised the firewall.

"data sharing" means, among other things, web servers, Microsoft File Sharing, NFS...



I said "simple"... for reference, here's medium-complex. There's a separate switch between each tier. Each firewall should be different if possible...

- ISP's Intrusion Detection System

- Port filtering switch

- Firewall A (pair) (eg Cisco PIX)

- Firewall B (pair) (eg Nokia)

- Load-balancer (eg Alterian)
- Web heads (eg Linux)

- Firewall C (eg Sun)

- Application servers (normally internally load-balanced these days) (eg Sun)

- Firewall D (probably Sun again)

- Database _cluster_ (eg Sun / Veritas)

- Firewall E (eg Cisco PIX again)

- Private WAN

- Corporate Network


Regards,

Mark

For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe:  ukha_d-subscribe@xxxxxxx
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.