Home page logo

basics logo Security Basics mailing list archives

RE: Question about dmz security
From: Marc Suttle <marc.suttle () anidirect com>
Date: Mon, 17 Feb 2003 11:25:43 -0600

You could have a dedicated nick on the dmz going to a dedicated nick on the
internal network.  However I would just recommend you disable that nick and
put the traffic rules you need on the firewall for the dmz to internal.


-----Original Message-----
From: David M. Fetter [mailto:dfetter () setec-astronomy biz]
Sent: Friday, February 14, 2003 5:49 PM
To: Jennifer Fountain
Cc: security-basics () securityfocus com
Subject: Re: Question about dmz security

That's definitely a security risk because that system essentially 
bypasses your firewall altogether.  You are right in your suggestion.

Jennifer Fountain wrote:
I need an opinion on a current design implementation in place.  We have
an ftp server sitting in our dmz.  This box has two nics - one is
plugged into the dmz hub and one is plugged into our network.  I think
this is a security risk and we should just allow internal users access
to the box via the firewall by opening the port instead of having dual
nics.  they do not see a security risk. maybe i am just too new at this
and need some education.  what is the "best" way to implement this

Thank you
Jenn Fountain

David M. Fetter (MegaSurge) - http://www.setec-astronomy.biz/

"The world is full of power and energy and a person can go far by just 
skimming off a tiny bit of it." Neal Stephenson - Snow Crash

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]