Great Circle Associates Firewalls
(February 1994)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

From: z056716 @ uprc . com (LaCoursiere J. D. (Jeff))
Date: Mon, 14 Feb 1994 09:51:15 +0600
To: firewalls @ greatcircle . com

Yet Another About To Build A Firewall Message


Have been looking over "Thinking about Firewalls" by mjr, and have some
questions to pose:

1.  What extra security do you buy with a "screened subnet" based firewall
	vs. a "screened host gateway" based firewall?  (In other words,
	what justification is there for the second router?? ).

2.  Does my bastion host have to be the mail and news server for my
	domain, or can I open up ports in the screening router and 
	have these particular hosts in my external DNS maps?

3.  To those that use SOCKS: should I be using something bigger than
	a Sparcstation IPC if I plan to implement SOCKS to proxy for
	ftp, telnet, and possibly mosaic?  What are typical performance
	hits for routing this traffic through a proxy service rather
	than allowing the direct connection to outside hosts? (note that
	our network probably consists of about 500 users - not a large
	portion of which will actually use these services).

Thanks in advance for any input...

Jeff LaCoursiere
Network Admin
Ft. Worth, TX

Indexed By Date Previous: Re: Can you print from a chroot'd process?
From: papowell%dickory @ sdsu . edu (Patrick Powell)
Next: Re: DNS through a packet filter
From: db @ whitney . sunbim . be (Danny Backx)
Indexed By Thread Previous: [no subject]
From: Morten Hermanrud <Morten . Hermanrud @ ibmuio . uio . no>
From: mjr @ tis . com

Search Internet Search