|
The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024
|
|
[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
RE: Shuttle & via epia... now firewalls
Andy wrote:
!!! ITYF it was something along the lines of....
!!! Internet > firewall > web server > firewall > back end
server > firewall > LAN
Yup! That's the way to do it in a simple commercial web site. (See
below
However, a bit over the top for even my home LAN :-)
My home LAN is protected by a single firewall. I would not, under any
circumstances, store data on that firewall. Not because I am worried about
that data being lost if the firewall were compromised, but because the act
of enabling "data sharing" irrevocably compromised the
firewall.
"data sharing" means, among other things, web servers, Microsoft
File Sharing, NFS...
I said "simple"... for reference, here's medium-complex. There's
a separate switch between each tier. Each firewall should be different if
possible...
- ISP's Intrusion Detection System
- Port filtering switch
- Firewall A (pair) (eg Cisco PIX)
- Firewall B (pair) (eg Nokia)
- Load-balancer (eg Alterian)
- Web heads (eg Linux)
- Firewall C (eg Sun)
- Application servers (normally internally load-balanced these days) (eg
Sun)
- Firewall D (probably Sun again)
- Database _cluster_ (eg Sun / Veritas)
- Firewall E (eg Cisco PIX again)
- Private WAN
- Corporate Network
Regards,
Mark
For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe: ukha_d-subscribe@xxxxxxx
Unsubscribe: ukha_d-unsubscribe@xxxxxxx
List owner: ukha_d-owner@xxxxxxx
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
Home |
Main Index |
Thread Index
|
|