Re: Switch Network Design Question

From: kevin gannon (kevin@gannons.net)
Date: Thu Nov 03 2005 - 15:34:40 GMT-3


What do you do if you run to hundreds of DMZs?

Regards
Kevin

On 11/3/05, James Ventre <messageboard@ventrefamily.com> wrote:
> And it's not like a 2950-12 or 2950-24 is all that expensive!
>
>
> Guyler, Rik wrote:
> > But that's the real issue here, isn't it? Sure, you can control how it gets
> > set up now, but how will the config and connectivity evolve over time? Will
> > those changes at some point compromise the security? What if a new
> > undiscovered bug becomes known at a later time? Cisco tests IOS pretty
> > thoroughly before releasing it but yet they are constantly releasing
> > security notifications and pushing out patched IOS versions. Cisco can only
> > assure the security of their products now, not next year. Do you want to
> > take a chance on missing one of those bug notices?
> >
> > For the Enterprise I believe in bullet-proof design, and sharing a switch for
> > private and public networks is not bullet-proof. True, the risk factor may
> > be low but I want to know that I've eliminated every possible security
> > breach I can for now and hopefully the future too. Nobody was ever
> > compromised by using separate devices around the firewall. Make it as
> > secure as you can now and you will greatly reduce the potential for problems
> > later.
> >
> > My .02
> >
> > Rik
>


