[Year 12 SofDev] Exam Question C9

Kevin Feely feely.kevin.k at edumail.vic.gov.au
Thu Nov 20 12:13:11 EST 2008


Hi Kevork,
snip ....


> 1. Section A Q 17. Terrible question.
>    The only workable answer, given the topology, is to have a dedicated firewall on segment 3. Segment 4 is outside the control of the organisation. The ISP controls Segment 4 and allocated an IP address to the modem interface to allow it to speak with the ISP. If a firewall is placed in segment 4 the network will not function as the modem will not be able to speak to the ISP.
>   Kevin, you make a good point about not having your router exposed to attacks by having the firewall at segment 3. That is why this is a bad question. Because ideally the firewall should be between the router and the modem. However, corporate solutions place the dedicated firewall, if that is what we MUST use (separate box), at segment 3 because the router is just that, doing routing (path selection and steering of packets to the right interface or perhaps some network address translation where internal private addresses can be translated to live addresses and/or even acting as a DHCP server) and not much more.
>
>  The firewall would be best placed as a part of the router on the router/modem. 
>   
..... unsnip
Yep, absolutely. And I presented this view at the end of a session by
Maggie at Melb Uni earlier this year. I was told (not by Maggie) but by
someone involved in the final decision-making process that as far as SD
was concerned a firewall had to be put as the last device before the
internet cloud, after the modem/router, and it couldn't be a software
solution or as part of the router configuration. Unfortunately in my now
more accepting character I let this go. So my answer is not only what I
told my students, it is what I was told by a member of the SD panel,
even though it is incorrect. Such is life?

regards
Kevin

