Hi!
I want to set a up a DMZ in my school. The only thing I want to know, is:
- Internet -> HARDWARE-ROUTER -> FW -> DMZ -> FW -> Intranet
or
- Internet | | Hardware-Router | | | FW DMZ _______/\______Intranet
(I hope, this ascii art is good enough... :-/)
Our school has no good connection and low traffic but this is for a skilled work (the german term is 'Facharbeit') and so I want a really secure thing (no, I won't cut the cable ;-D).
Any comments or proposals?
Thanks, Max
Hi Max, I would prefer the first setup, because it better protects your internal network. If you for instance face a DoS-attack, the first FW acts as a bastion host. In the first setup you are also better able to place application-layer proxies in your DMZ to filter traffic from internet to your schoolnet and vice versa. I suggest you reading the "Firewall - Handbuch" (in german) at http://www.little-idiot.de/firewall/zusammen.html by Guido Stepken btw.: nomen *non* est omen in this this case kindly regards Mit freundlichen Grüßen Dr. H. Rosner Stadtverwaltung Jena Hauptamt / Datenverarbeitung Tel: 03641 49 4181 Fax: 03641 49 4167 eMail: ros@jena.de