[Year 12 SofDev] Exam Question C9

Don Morelli Optus da_morelli at optusnet.com.au
Fri Nov 21 07:00:40 EST 2008 

Your answer is disturbing Kevin as I am not aware of teachers of SD being
told that this is the case. I haven't seen it in any advice, and would be
interested in knowing if others had seen this definition of where a firewall
should go (other than being at the mentioned session). These "preferred
answers/definitions" should be know to all in the interest of fairness. 
I would never think of putting a firewall between the modem and the internet
cloud, unless it was in reference to some firewalling provided by the ISP.
Cheers
Don

-----Original Message-----
From: sofdev-bounces at edulists.com.au [mailto:sofdev-bounces at edulists.com.au]
On Behalf Of Kevin Feely
Sent: Thursday, 20 November 2008 12:13 PM
To: Year 12 Software Development Teachers' Mailing List
Subject: Re: [Year 12 SofDev] Exam Question C9

Hi Kevork,
snip ....


> 1. Section A Q 17 . Terrible question. 
>    The only workable answer given the topology, is to have a dedicated
firewall on segment 3. Segment 4 is outside the control of the organisation.
The ISP controls Segment 4 and allocated an IP address to the modem
interface to allow it to speak with the ISP. If a firewall is placed in
segment 4 the network will not function as the modem will not be able to
speak to the ISP. 
>   Kevin , you make a good point about not having your router exposed to
attacks by having the firewall at segment 3. That is why this is a bad
question. Because ideally the firewall should be between the router and the
modem. However, corporate solutions place the dedicated firewall if that is
what we MUST use ( separate box ) at segment 3 because the router is just
that, doing routing ( path selection and steering of packets to the right
interface or perhaps some Network address translation where internal private
addresses can be translated to live addresses and/or even acting as a DHCP
server) and not much more. 
>
>  The firewall would be best placed as a part of the router on the
router/modem. 
>   
..... unsnip
Yep, absolutely. And i presented this view at the end of a session by 
Maggie at Melb Uni earlier this year. i was told (not by Maggie) but by 
someone involved in the final decision making process that as far as SD 
was concerned a firewall had to be put as the last device before the 
internet cloud, after the modem/router, and it couldn't be a software 
solution or as part of the router configuration. Unfortunately in my now 
more accepting character i let this go. So my answer is not only what i 
told my students, it is what i was told by a member of the SD panel, 
even tho it is incorrect. such is life?

regards
Kevin


Important - This email and any attachments may be confidential. If received
in error, please contact us and delete all copies. Before opening or using
attachments check them for viruses and defects. Regardless of any loss,
damage or consequence, whether caused by the negligence of the sender or
not, resulting directly or indirectly from the use of any attached files our
liability is limited to resupplying any affected attachments. Any
representations or opinions expressed are those of the individual sender,
and not necessarily those of the Department of Education and Early Childhood
Development.
_______________________________________________
http://www.edulists.com.au
IT Software Development Mailing List kindly supported by
http://www.vcaa.vic.edu.au - Victorian Curriculum and Assessment Authority
and
http://www.vitta.org.au/vce/studies/infotech/softwaredevel3-4.html  - VITTA
Victorian Information Technology Teachers Association Inc

More information about the sofdev mailing list