By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
It's actually good to use three NICs to build firewall . Regarding your scenerio ,everything looks good but as far as security is concerned , i am assuming that certain things have been take care of and if not here are my recommendations:-
1. IP forwarding is not enabled between the NICs. If ?Yes? then disable IP forwarding .
2. Winroute Pro for NAT/Firewall does not have application level protection as it?s mainly a packet filtering firewall. Just (always) default to denial ,except the ones specifically needed .Also it would be better if you can use some application level firewall and a good example of that is Gauntlet Firewall from CA.
3. If you are hosting DNS services then make sure Zone transfer is disable.
4. Take off all the unnecessary services from the box.
5.To make it more secure: Build a VPN tunnel (use IPsec or PPTP) between the DMZ NIC and Internal NIC & set the filtering to allow only the two machines to talk through it.
6.You should disable ADSL when not being used.
7.Disable NetBIOS over TCP/IP
8.Scanning Tools are helpful in finding the security holes. Use Portscanners as they can tell you what ports are open and use SATAN: The best tool to anylze and monitor traffic on the network.
If you need a comprehensive step by step approach to penetration testing GOTO : http://www.wittys.com/files/mab/fwpentesting.html
Dig Deeper on Network Security Monitoring and Analysis
Related Q&A from Puneet Mehta
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: http://...continue reading
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ...continue reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.