Security Basics mailing list archives
RE: shared home directory placement
From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Mon, 7 Jan 2008 08:03:55 -0800
You can have more than one DMZ. Like I have a production DMZ and a private DMZ. So it's not a terrible idea to do this.... You should just make sure your firewall ACLs are good and only allow LAN access. You might also want to put the unix folks on a different vlan for ease of maintenance. Then you should be rock solid.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason
Sent: Monday, January 07, 2008 7:46 AM
To: security-basics () securityfocus com
Subject: shared home directory placement

Hello all,

I have a best practices question. I have a large pool of unix folks that have shared storage for home directories (NFS). Right now, they only have access to these directories from systems that are located in the TRUST zone of our network, but we are redesigning things to segment systems further, which will put some systems into a less trusted zone. When it's all said and done, hosts that will be in a DMZ and hosts that will be in trust will still need access to this NFS server.

What I was wondering is if it would be a Terrible Idea to move the NFS server into a DMZ of its own, out of the Trust zone, and allow access to it from the hosts in different DMZs as well as hosts in the trust zone. If the NFS server is compromised by an upstream system, policy won't allow that system to initiate connections outside of its own DMZ.

I guess the short question is: have any of you set up shared storage that is accessible from trusted and non-trusted zones?

--
Jason
Luck favors the prepared