Double firewall security.


Sinatra Williams

Hello:

I'm curious, is there an advantage or disadvantage of using 2 firewalls on a
broadband connection? The scenario is, I have a Netgear firewall and I am
thinking of daisy-chaining 2 firewalls together. Is that logical? What are
the good points and bad points of doing this? Also, can you build a honeypot
using 2 firewalls? I am teaching myself but trying to learn at the same time.

Any comments would be appreciated.

Thanks,
 
sinatra- said:
Hello:

I'm curious, is there an advantage or disadvantage of using 2 firewalls on a
broadband connection? The scenario is, I have a Netgear firewall and I am
thinking of daisy-chaining 2 firewalls together. Is that logical? What are
the good points and bad points of doing this? Also, can you build a honeypot
using 2 firewalls? I am teaching myself but trying to learn at the same time.

Any comments would be appreciated.

You can use two NAT routers, in effect you give yourself a real DMZ
(the first network) and a LAN (second network) by doing this. There is
no real advantage to it as anything that makes it in will be something
you invited, so the NAT won't protect you from yourself.

What you could do is run a NAT Router and then also a personal firewall
application.
 
Sinatra said:
Hello:

I'm curious, is there an advantage or disadvantage of using 2 firewalls on a
broadband connection? The scenario is, I have a Netgear firewall and I am
thinking of daisy-chaining 2 firewalls together. Is that logical? What are
the good points and bad points of doing this? Also, can you build a honeypot
using 2 firewalls? I am teaching myself but trying to learn at the same time.

Any comments would be appreciated.

Thanks,

In general there are advantages in using 2 or more firewalls when
shielding between networks (here home and internet).

Without going into too many details I will say:

1: Use 2 different products if possible.

2: Keep general policies on the outer firewall (here to www)

3: Make the outer firewall a "bridged" firewall (No IP) if possible,
with a separate management interface.

4: Use the inner firewall(s) for detailed policies down to host/ports.


Add to the above proxies, mail spam filters, etc. - that can reside on
the host itself or between first and second firewall.

You will get multiple layer security - and 1 wrong (logical ?)
configuration will not leave you totally exposed. The bridged firewall
can protect the 2 firewall very efficiently.


Best regards

Bent Mathiesen
Security Specialist
CCSE GCIA MSCS
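
The layering described in the reply above (general policy on the outer firewall, host/port policy on the inner one), as an added example that is not part of the original thread: a small Python model that computes what is reachable from outside when one layer is misconfigured. The addresses, rule sets and probe packets are constructed assumptions, not taken from any poster's network.

```python
# Model of two stacked firewalls: a packet reaches the LAN only if BOTH accept it.
# All addresses, ports and rules below are constructed for illustration.

WEB_HOST = "192.168.10.20"   # assumed host that is meant to be reachable on 443

def outer_policy(pkt, misconfigured=False):
    """Outer firewall: general policy only (coarse filter facing the internet)."""
    if misconfigured:                      # models an accidental "allow any" rule
        return True
    return pkt["proto"] == "tcp" and pkt["dport"] in {25, 80, 443}

def inner_policy(pkt, misconfigured=False):
    """Inner firewall: detailed policy down to host/port."""
    if misconfigured:                      # models an accidental "allow any" rule
        return True
    allowed = {(WEB_HOST, 443)}            # one host, one port
    return pkt["proto"] == "tcp" and (pkt["dst"], pkt["dport"]) in allowed

def reaches_lan(pkt, outer_bad=False, inner_bad=False):
    """True if the packet passes the outer and then the inner firewall."""
    return outer_policy(pkt, outer_bad) and inner_policy(pkt, inner_bad)

def exposure(packets, **config):
    """Sorted (dst, dport) pairs reachable from outside under a given config."""
    return sorted({(p["dst"], p["dport"]) for p in packets
                   if reaches_lan(p, **config)})

# Constructed inbound packets covering intended and unintended services.
PROBES = [
    {"proto": "tcp", "dst": "192.168.10.20", "dport": 443},
    {"proto": "tcp", "dst": "192.168.10.20", "dport": 80},
    {"proto": "tcp", "dst": "192.168.10.30", "dport": 3389},
    {"proto": "tcp", "dst": "192.168.10.30", "dport": 445},
    {"proto": "udp", "dst": "192.168.10.30", "dport": 161},
]

if __name__ == "__main__":
    for label, cfg in [("both correct", {}),
                       ("outer misconfigured", {"outer_bad": True}),
                       ("inner misconfigured", {"inner_bad": True}),
                       ("both misconfigured", {"outer_bad": True, "inner_bad": True})]:
        print(f"{label:22} -> {exposure(PROBES, **cfg)}")
```

With only one layer misconfigured, the other still blocks the remote-desktop, file-sharing and SNMP packets; full exposure needs both layers to fail at once.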
 