Security Basics mailing list archives

RE: Question about dmz security


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 18 Feb 2003 13:53:39 -0800

-----Original Message-----
From: Jennifer Fountain [mailto:JFountain () rbinc com]
Sent: February 14, 2003 11:42
To: security-basics () securityfocus com
Subject: Question about dmz security

I need an opinion on a current design implementation in place.  We have
an FTP server sitting in our DMZ.  This box has two NICs - one is
plugged into the DMZ hub and one is plugged into our network.  I think
this is a security risk and we should just allow internal users access
to the box via the firewall by opening the port instead of having dual
NICs.  They do not see a security risk.  Maybe I am just too new at this
and need some education.  What is the "best" way to implement this
configuration?

  The POINT of a DMZ is that a firewall mediates traffic between one or
more somewhat-exposed servers and the secured internal network.  The 
private-network NIC on this box is bypassing that, and must be removed.

  The firewall rules which limit traffic between the DMZ and the private
network should not allow servers in the DMZ to initiate connections into
the private network, and should restrict the protocols by which internal
hosts are permitted to initiate connections into the DMZ.

David Gillett
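As an added illustration (not part of David's reply or the original thread), here is a small Python model of the stateful policy he describes: the DMZ host may answer connections the firewall has already accepted, but may not open any of its own into the private network. The address ranges, port numbers and sample flows are constructed assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan: the FTP server lives in the DMZ, the clients on
# the private network. These ranges are assumptions, not from the thread.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# Explicit allow list for NEW connections: (src zone, dst zone, proto, dst port).
# Anything not listed, including every DMZ-initiated flow inward, is denied.
ALLOW_NEW = {
    ("internal", "dmz", "tcp", 21),  # internal users may reach the FTP control port
}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(addr: str) -> str:
    """Map an address to a zone name; anything unknown is treated as outside."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"


class StatefulFirewall:
    """Accepts new flows only per ALLOW_NEW and remembers them, so reply
    traffic passes only for connections the private side initiated."""

    def __init__(self) -> None:
        self.state: set[Flow] = set()

    def decide(self, f: Flow) -> str:
        reverse = Flow(f.dst, f.dport, f.src, f.sport, f.proto)
        if f in self.state or reverse in self.state:
            return "ALLOW (established)"
        if (zone_of(f.src), zone_of(f.dst), f.proto, f.dport) in ALLOW_NEW:
            self.state.add(f)
            return "ALLOW (new)"
        return "DENY"
```

The model covers only the FTP control port; a real deployment also has to account for the FTP data connection, which the thread does not discuss.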