Home page logo

basics logo Security Basics mailing list archives

RE: Question about dmz security
From: "Peter Hamilton" <peter () rtfm co nz>
Date: Sat, 15 Feb 2003 14:48:02 +1300

Goodness. I'm no security guru, just a humble engineer, but when you
described the scenario you're running, my hairs stood on end. I would never
allow a host in a DMZ to have direct access to the production network. All
you need is the FTP server to be compromised and *boof* you've practically
laid out the welcome mat to a hacker. If that's all this box does is FTP,
then I'd recommend rules on your firewall to just let FTP to this host
through the firewall.

Peter Hamilton

-----Original Message-----
From: Jennifer Fountain [mailto:JFountain () rbinc com]
Sent: Saturday, 15 February 2003 08:42 a.m.
To: security-basics () securityfocus com
Subject: Question about dmz security

I need an opinion on a current design implementation in place.  We have
an ftp server sitting in our dmz.  This box has two nics - one is
plugged into the dmz hub and one is plugged into our network.  I think
this is a security risk and we should just allow internal users access
to the box via the firewall by opening the port instead of having dual
nics.  they do not see a security risk. maybe i am just too new at this
and need some education.  what is the "best" way to implement this

Thank you
Jenn Fountain

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]