Security Basics mailing list archives
Re: DMZ, Tape Backup and Security
From: "Anders Reed Mohn" <anders_rm () utepils com>
Date: Thu, 19 Jun 2003 14:19:34 +0200
Erik, here's how I would reason if I were to set this up.
Scenario 1: Put a tape unit/software in the DMZ and another one on the LAN to have everything separate. Plus side: No hole in DMZ Firewall Down Side: Cost (2 unit/software), 2 sofware to manage
Using identical software, management should not be too difficult. After all, backup software tends to have a pretty static configuration (compared to firewalls, for instance, which demand constant attention) At least, that is my experience.
Senario 2: Change firewall rules to give acces from DMZ to LAN. Plus side: Cost less and easyer management
That isn't entirely correct. In your own words:
it is using RPC so it is a realy hard to set Firewall rules)
Complexity is one of your worst enemies when it comes to security. More complex FW-management is a threat to your security, and it costs more to maintain.
Scenario 3: Have one server with 2 NIC. On on LAN and on on DMZ.
Absolutely out of the question. This solution completely destroys the point of having a DMZ in the first place. If FW-setup (scenario 2) is non-trivial, I would definetly go with scenario #1. Cheers, Anders :) --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- DMZ, Tape Backup and Security Erik Vincent (Jun 18)
- Re: DMZ, Tape Backup and Security Anders Reed Mohn (Jun 19)
- Re: DMZ, Tape Backup and Security Peter Pekala (Jun 20)
- <Possible follow-ups>
- Fw: DMZ, Tape Backup and Security holger.reichert (Jun 19)
- RE: DMZ, Tape Backup and Security Matthew Crape (Jun 19)