Security Basics mailing list archives
RE: Question about dmz security
From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Mon, 17 Feb 2003 19:14:20 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
what is the "best" way to implement this configuration?
Well, you are right that you don't want two NICs in the FTP server, but remember that you also don't need to pass anything from the FTP server into the LAN. Most good firewalls these days can handle the complexities of FTP connections well enough that they don't require statically assigned paths into protected networks for clients behind the firewall to be able to use FTP with a host outside of it. In short, you simply allow OUTBOUND connections (from your protected network to your FTP server in the DMZ) through your firewall, and this will enable you to use the resource while still not letting any new connections from the DMZ (including your FTP server) to your internal LAN. - -danielrm26 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPlF6z1Jwf7WiYT5vEQLZzQCguOuH6m1PVPbUs/UK3CEf1K8o1wEAoIW1 JX+jNUtpO1oUNKjaqxN0XbGZ =JI/x -----END PGP SIGNATURE-----
Current thread:
- Re: Question about dmz security, (continued)
- Re: Question about dmz security David M. Fetter (Feb 17)
- RE: Question about dmz security Peter Hamilton (Feb 17)
- RE: Question about dmz security Michael Cunningham (Feb 17)
- RE: Question about dmz security Burton M. Strauss III (Feb 17)
- Re: Question about dmz security Chuck Swiger (Feb 17)
- Re: Question about dmz security mlh (Feb 18)
- Re: Question about dmz security Chuck Swiger (Feb 19)
- Re: Question about dmz security mlh (Feb 18)
- RE: Question about dmz security David Gillett (Feb 19)
- Re: Question about dmz security Chris Berry (Feb 17)
- Question about dmz security John Tolmachoff (Feb 17)
- RE: Question about dmz security Daniel R. Miessler (Feb 18)
- RE: Question about dmz security Jeremy Gaddis (Feb 20)
- RE: Question about dmz security Daniel R. Miessler (Feb 18)
- Re: Question about dmz security abretten (Feb 17)
- RE: Question about dmz security Garbrecht, Frederick (Feb 17)
- RE: Question about dmz security Marc Suttle (Feb 17)