Home page logo
/

basics logo Security Basics mailing list archives

Re: Transparent vs Routed Firewall
From: Alex <alex.tsr () gmail com>
Date: Mon, 8 Feb 2010 11:54:26 +0200

On 5 February 2010 00:17, Chris Brenton <cbrenton () chrisbrenton org> wrote:

I dig transparent when it is internal. Less impact on the existing
infrastructure, you don't have to resubnet, no new DHCP scopes, etc.
etc. You are far less likely to bork the network if you go with a
transparent implementation during an internal installation.


Well the servers are either new or scheduled to be placed on a
different subnet either way so that's not a problem.

With that said, I assume you don't need NAT or VPN termination? If you
do, you might want to reconsider.

No. nothing of those.


A heavy rock "feels" like it should fall faster than a lighter one, that
does not make the statement correct. ;-)

exactly, that's why I asked

From a security perspective, transparent gains you squat. In fact I
would argue it is _less_ secure as you loose the ability to leverage
routing as one of your security layers. I've head folks say it
"stealths" the firewall, but that is completely false. A little work
with tcptraceroute or a similar tool and you can easily figure out
exactly where the firewall is sitting, what rules are in play, etc.

So based on the info you provided I would consider transparent for its
ease of deployment, not for any type of security gain.

HTH,
Chris

It does, thank you.

I think I'll stick to the "old-fashioned" routed for now but I'd like
to see the other way some time as well.

-- 
Cheers, Alex.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]