Although we have only one firewall, different rules may be applied to
each interface. The public servers are segregated at least from the LAN
hosts, and possibly from each other, greatly limiting an attacker's
progression through the network should one host fall.
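
The effect of per-interface rules on how far a compromise can spread can be checked with a small reachability model. This is an added example, not part of the original post: the zone names, hosts and rule sets are constructed, and the model works at zone level only (no ports or protocols) under a default-deny policy.

```python
from collections import deque

def exposed_hosts(zones, policy, fallen_host):
    """Worst-case set of hosts reachable once `fallen_host` is compromised.

    zones:  zone name -> hosts attached to that firewall interface
    policy: set of (src_zone, dst_zone) pairs the firewall forwards;
            anything not listed is dropped (default deny)
    Hosts in the same zone talk directly, so the firewall never filters them.
    """
    start = next(z for z, hosts in zones.items() if fallen_host in hosts)
    seen, queue = {start}, deque([start])
    while queue:  # breadth-first walk over zones the policy lets traffic into
        src = queue.popleft()
        for s, dst in policy:
            if s == src and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return {h for z in seen for h in zones[z]} - {fallen_host}

# Constructed layouts (hypothetical hosts). Internet hosts are not modelled.
# 1. No segregation: public servers sit on the same segment as the LAN.
FLAT = ({"internet": [], "inside": ["web1", "mail1", "pc1", "pc2"]},
        {("internet", "inside"), ("inside", "internet")})
# 2. Public servers segregated from the LAN, but sharing one interface.
SHARED_DMZ = ({"internet": [], "dmz": ["web1", "mail1"], "lan": ["pc1", "pc2"]},
              {("internet", "dmz"), ("lan", "dmz"), ("lan", "internet")})
# 3. Public servers also segregated from each other (one interface each).
SPLIT_DMZ = ({"internet": [], "dmz_web": ["web1"], "dmz_mail": ["mail1"],
              "lan": ["pc1", "pc2"]},
             {("internet", "dmz_web"), ("internet", "dmz_mail"),
              ("lan", "dmz_web"), ("lan", "dmz_mail"), ("lan", "internet")})

if __name__ == "__main__":
    for name, (zones, policy) in [("flat", FLAT), ("shared DMZ", SHARED_DMZ),
                                  ("split DMZ", SPLIT_DMZ)]:
        print(f"{name:11s} web1 falls ->", sorted(exposed_hosts(zones, policy, "web1")))
```

The model treats every reachable host as one the attacker could pivot through, so the result is an upper bound on exposure rather than a prediction.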

Availability and Reliability

The network security design thus far has revolved around the integrity
of the hosts and network through restricting an attacker’s access to the
hosts and limiting the consequent progression through that network
should a host fall. Each of the security decisions above has also
adversely affected the availability and reliability of the network. Each
multi-homed bastion host (which we will refer to as a firewall in this
context) has introduced another potential point of failure. Each hurdle
we have placed in the path of an attacker has also introduced a
performance bottleneck for genuine users.