Security Basics mailing list archives
RE: Question about dmz security
From: Michael Cunningham <crayola () optonline net>
Date: Fri, 14 Feb 2003 23:40:38 -0500
I need an opinion on a current design implementation in place. We have an FTP server sitting in our DMZ. This box has two NICs - one is plugged into the DMZ hub and one is plugged into our network. I think this is a security risk and we should just allow internal users access to the box via the firewall by opening the port instead of having dual NICs. They do not see a security risk. Maybe I am just too new at this and need some education. What is the "best" way to implement this configuration?

The best way is as you suggested. Just have one NIC and force all traffic through the firewall. That is the whole point of a DMZ. In your current setup, if someone compromises the FTP server they will have access to your entire internal network without any firewall in their way.

Mike
--
Michael J. Cunningham (CISSP, SCNA, SCSA, CCSA)
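The dual-homed condition discussed in this message can be checked for across a host inventory. The following is an added example, not part of the original post: the zone subnets, hostnames, addresses and the `APPROVED_GATEWAYS` set are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed zone layout (constructed for this example).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# Constructed inventory: (hostname, interface, address).
INVENTORY = [
    ("ftp01", "eth0", "192.0.2.10"),
    ("ftp01", "eth1", "10.1.4.20"),       # second NIC on the internal network
    ("www01", "eth0", "192.0.2.11"),
    ("fileserver", "eth0", "10.1.4.30"),
    ("fileserver", "eth1", "10.1.5.30"),  # two NICs, but both internal
    ("fw01", "eth1", "192.0.2.1"),
    ("fw01", "eth2", "10.0.0.1"),
]

# Hosts meant to span zones because they enforce the policy (assumption).
APPROVED_GATEWAYS = {"fw01"}


def zone_of(address):
    """Return the name of the zone containing address, or None if unzoned."""
    ip = ipaddress.ip_address(address)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def find_zone_bridges(inventory, approved=APPROVED_GATEWAYS):
    """Return unapproved hosts with NICs in both the DMZ and the internal zone."""
    per_host = defaultdict(lambda: defaultdict(list))
    for host, iface, addr in inventory:
        zone = zone_of(addr)
        if zone is not None:
            per_host[host][zone].append(f"{iface}={addr}")
    return {
        host: {z: sorted(v) for z, v in zones.items()}
        for host, zones in per_host.items()
        if host not in approved and {"dmz", "internal"} <= set(zones)
    }


if __name__ == "__main__":
    for host, zones in find_zone_bridges(INVENTORY).items():
        print(f"{host}: path around the firewall via {zones}")
```

Only `ftp01` is reported: the firewall is expected to sit in both zones, and a host with two internal NICs does not cross the DMZ boundary.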