Security Basics mailing list archives
Question about dmz security
From: "John Tolmachoff" <sflist-secbasic () reliance net>
Date: Fri, 14 Feb 2003 16:04:55 -0800
I need an opinion on a current design implementation in place. We have an ftp server sitting in our dmz. This box has two nics - one is plugged into the dmz hub and one is plugged into our network. I think this is a security risk and we should just allow internal users access to the box via the firewall by opening the port instead of having dual nics. they do not see a security risk. maybe i am just too new at this and need some education. what is the "best" way to implement this configuration?
What part of when the computer gets compromised (That is why it is in the DMZ in the first place) and the hacker now has complete access to the internal network do they not understand? The purpose of a DMZ zone is an untrusted no mans land that is exposed to the Internet while being separated from the internal LAN. Having a NIC on the Internal network on a computer in the DMZ is providing a direct link for the Internet into your LAN. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
Current thread:
- Re: Question about dmz security, (continued)
- Re: Question about dmz security Johan Denoyer (Feb 17)
- Re: Question about dmz security David M. Fetter (Feb 17)
- RE: Question about dmz security Peter Hamilton (Feb 17)
- RE: Question about dmz security Michael Cunningham (Feb 17)
- RE: Question about dmz security Burton M. Strauss III (Feb 17)
- Re: Question about dmz security Chuck Swiger (Feb 17)
- Re: Question about dmz security mlh (Feb 18)
- Re: Question about dmz security Chuck Swiger (Feb 19)
- Re: Question about dmz security mlh (Feb 18)
- RE: Question about dmz security David Gillett (Feb 19)
- Re: Question about dmz security Chris Berry (Feb 17)
- Question about dmz security John Tolmachoff (Feb 17)
- RE: Question about dmz security Daniel R. Miessler (Feb 18)
- RE: Question about dmz security Jeremy Gaddis (Feb 20)
- RE: Question about dmz security Daniel R. Miessler (Feb 18)
- Re: Question about dmz security abretten (Feb 17)
- RE: Question about dmz security Garbrecht, Frederick (Feb 17)
- RE: Question about dmz security Marc Suttle (Feb 17)