3.10 What is a 'single point of failure', and how do I avoid having one?
An architecture whose security hinges upon one mechanism has a single
point of failure. Software that runs bastion hosts has bugs.
Applications have bugs. Software that controls routers has bugs. It
makes sense to use all of these components to build a securely
designed network, and to use them in redundant ways.
If your firewall architecture is a screened subnet, you have two
packet filtering routers and a bastion host. (See question
3.2 from this section.) Your Internet access
router will not permit traffic from the Internet to get all the way
into your private network. However, if you don't enforce that rule
with any other mechanisms on the bastion host and/or choke router,
only one component of your architecture needs to fail or be
compromised in order to get inside. On the other hand, if you have a
redundant rule on the bastion host, and again on the choke router, an
attacker will need to defeat three mechanisms.
Further, if the bastion host or the choke router needs to invoke its
rule to block outside access to the internal network, you might want
to have it trigger an alarm of some sort, since you know that someone
has gotten through your access router.
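The screened-subnet reasoning above, as an added model that is not part of the FAQ: a packet is walked through the access router, bastion host and choke router, each of which may or may not carry the "no outside-to-inside" rule and may or may not be compromised. The address ranges and component names are constructed for the example; the single-point-of-failure check simply asks which one hop, if compromised on its own, lets an outside packet reach the internal network, and an alarm is raised whenever an inner hop has to block what the access router should already have stopped.

```python
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the private network behind the choke router


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass
class Component:
    name: str
    enforces_rule: bool        # does this hop carry the "no outside->inside" rule?
    compromised: bool = False  # a compromised or rule-less hop forwards everything


@dataclass
class Outcome:
    delivered: bool
    blocked_by: Optional[str] = None
    alarms: List[str] = field(default_factory=list)


def outside_to_inside(pkt: Packet) -> bool:
    """The one rule the FAQ wants repeated on every component."""
    return ip_address(pkt.src) not in INTERNAL and ip_address(pkt.dst) in INTERNAL


def traverse(pkt: Packet, path: List[Component]) -> Outcome:
    """Walk the packet through access router -> bastion host -> choke router."""
    out = Outcome(delivered=True)
    for hop in path:
        if hop.compromised or not hop.enforces_rule:
            continue  # nothing at this hop stops the packet
        if outside_to_inside(pkt):
            out.delivered, out.blocked_by = False, hop.name
            if hop is not path[0]:  # an inner hop had to act: the access router was bypassed
                out.alarms.append(f"{hop.name} blocked {pkt.src}->{pkt.dst}; outer layer bypassed")
            break
    return out


def single_points_of_failure(pkt: Packet, path: List[Component]) -> List[str]:
    """Hops whose compromise alone delivers an outside->inside packet."""
    spof = []
    for i, hop in enumerate(path):
        broken = path[:i] + [replace(hop, compromised=True)] + path[i + 1:]
        if traverse(pkt, broken).delivered:
            spof.append(hop.name)
    return spof
```

With the rule only on the access router, `single_points_of_failure` names that router; with the rule repeated on all three hops it returns an empty list, and compromising the access router then produces a block at the bastion host together with an alarm.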
Vesaria
3640 Fords Lane, Suite D
Baltimore, MD 21215
443-501-4044