Home page logo

basics logo Security Basics mailing list archives

RE: Question about dmz security
From: Michael Cunningham <crayola () optonline net>
Date: Fri, 14 Feb 2003 23:40:38 -0500

I need an opinion on a current design implementation in 
place.  We have
an ftp server sitting in our dmz.  This box has two nics - one is
plugged into the dmz hub and one is plugged into our network.  I think
this is a security risk and we should just allow internal users access
to the box via the firewall by opening the port instead of having dual
nics.  they do not see a security risk. maybe i am just too 
new at this
and need some education.  what is the "best" way to implement this

The best way is as you suggested.. 

Just have one nic and force all traffic through the firewall. 
That is a whole point of a DMZ. In your current setup.. if someone 
compromises the ftp server they will have access to your 
entire internal network without any firewall in their way. 


Michael J. Cunningham (CISSP, SCNA, SCSA, CCSA)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]