Tuesday 14 October 2008

Redibusters #10: Don't allow dynamic routing (or for that matter any network related function) on a firewall.

BlueDemon states in Running OSPF across a firewall: "I think the reason SOME people still don't want to run a routing protocol in the firewall isn't a technical/security one - but a trust issue/political issue/who does what issue. We know that in past times (not so long, and still being done) the network guys were in charge of the routers/switches/etc, while the security folks were in charge of the firewall/IDS/VPN devices, etc. And neither group trusted each other - and heck, for sure the security folks wouldn't trust any route they got from the network folks. 'Gimme a default to rule them all' - very Tolkien - was SECOPS approach."

Tenth myth: Don't allow dynamic routing (or for that matter any network related function) on a firewall. A firewall is not a router. *



Link: Redibuster methodology.
