Home page logo

basics logo Security Basics mailing list archives

Question about dmz security
From: "John Tolmachoff" <sflist-secbasic () reliance net>
Date: Fri, 14 Feb 2003 16:04:55 -0800

I need an opinion on a current design implementation in place.  We have
an ftp server sitting in our dmz.  This box has two nics - one is
plugged into the dmz hub and one is plugged into our network.  I think
this is a security risk and we should just allow internal users access
to the box via the firewall by opening the port instead of having dual
nics.  they do not see a security risk. maybe i am just too new at this
and need some education.  what is the "best" way to implement this

What part of when the computer gets compromised (That is why it is in the
DMZ in the first place) and the hacker now has complete access to the
internal network do they not understand?

The purpose of a DMZ zone is an untrusted no mans land that is exposed to
the Internet while being separated from the internal LAN. Having a NIC on
the Internal network on a computer in the DMZ is providing a direct link for
the Internet into your LAN.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]