Can someone please explain to me the point of security layering? Consider a scenario where you have two firewalls: one north that connects to the circuit, with a south interface that connects to a DMZ, and another firewall that has an Untrust interface in that DMZ, with the trusted networks south of it. I understand that it fully segregates the DMZ from the trust networks, but this same thing could be achieved with simple security levels on an ASA, or zone policy on a Palo Alto.
In what scenario could a business be attacked and this be of use? At the moment, I only see that it's more expensive and more difficult to manage, meaning you have two rule bases to maintain.
Thanks in advance!