| 1 |
On 07/18/06 Drew wrote: |
| 2 |
> Multiple physical interfaces isolate the underlying ethernet traffic |
| 3 |
> to the specific 'side' of the firewall they're attached to. On a |
| 4 |
> single wire/NIC setup all you need is a packet sniffer running on a |
| 5 |
> 'outside' malicious host (in promiscuous mode) to map the firewalled |
| 6 |
> portion of your network and then configure the same host to masquerade |
| 7 |
> as a firewalled host. Once that's done, the malicious host has the |
| 8 |
> same access rights as any other firewalled host. |
| 9 |
|
| 10 |
You're failing to think of point to point tunnels links over a secure |
| 11 |
protocol, and VLANS - but your point is correct if on a standard flat |
| 12 |
network. |
Archives