Monday, December 6, 2021

One dedicated firewall per subnet/security zone vs. one firewall connected with dedicated interfaces to different subnets

We are running a highly restricted intranet with different networks attached to it.

DMZ, VoIP, RECOBS web browsing, facility management, network administration subnet and so on.

Right now we are using dedicated firewalls for each of these networks, so if one firewall is misconfigured, not all networks are open to attackers. All of these firewalls are linked together in a routing subnet to route from the intranet to these firewalls via a layer 3 switch.

I'm rethinking that structure to reduce the number of firewalls, but I think it will be more vulnerable to misconfiguration affecting the connected networks.

If an attacker can attack the firewall (iptables), he would have instant access to all subnets.
