Security Basics mailing list archives
RE: Question about dmz security
From: "Peter Hamilton" <peter () rtfm co nz>
Date: Sat, 15 Feb 2003 14:48:02 +1300
Goodness. I'm no security guru, just a humble engineer, but when you described the scenario you're running, my hairs stood on end. I would never allow a host in a DMZ to have direct access to the production network. All you need is the FTP server to be compromised and *boof* you've practically laid out the welcome mat to a hacker. If that's all this box does is FTP, then I'd recommend rules on your firewall to just let FTP to this host through the firewall. Cheers, Peter Hamilton -----Original Message----- From: Jennifer Fountain [mailto:JFountain () rbinc com] Sent: Saturday, 15 February 2003 08:42 a.m. To: security-basics () securityfocus com Subject: Question about dmz security I need an opinion on a current design implementation in place. We have an ftp server sitting in our dmz. This box has two nics - one is plugged into the dmz hub and one is plugged into our network. I think this is a security risk and we should just allow internal users access to the box via the firewall by opening the port instead of having dual nics. they do not see a security risk. maybe i am just too new at this and need some education. what is the "best" way to implement this configuration? Thank you Jenn Fountain
Current thread:
- Question about dmz security Jennifer Fountain (Feb 14)
- Re: Question about dmz security Johan Denoyer (Feb 17)
- Re: Question about dmz security David M. Fetter (Feb 17)
- RE: Question about dmz security Peter Hamilton (Feb 17)
- RE: Question about dmz security Michael Cunningham (Feb 17)
- RE: Question about dmz security Burton M. Strauss III (Feb 17)
- Re: Question about dmz security Chuck Swiger (Feb 17)
- Re: Question about dmz security mlh (Feb 18)
- Re: Question about dmz security Chuck Swiger (Feb 19)
- Re: Question about dmz security mlh (Feb 18)
- RE: Question about dmz security David Gillett (Feb 19)
- <Possible follow-ups>
- Re: Question about dmz security Chris Berry (Feb 17)
- Question about dmz security John Tolmachoff (Feb 17)
- RE: Question about dmz security Daniel R. Miessler (Feb 18)
- RE: Question about dmz security Jeremy Gaddis (Feb 20)
- RE: Question about dmz security Daniel R. Miessler (Feb 18)
(Thread continues...)