Home page logo
/

basics logo Security Basics mailing list archives

Re: Question about dmz security
From: mlh () zip com au
Date: Tue, 18 Feb 2003 12:38:35 +1100

On Sat, Feb 15, 2003 at 01:11:27PM -0500, Chuck Swiger wrote:
 > what is the "best" way to implement this configuration?

Your suggested approach is the '"best" way', for that configuration.

However, better configurations may also be possible: in particular, if 
your users can use scp (sftp, rsync, etc) to access the FTP server. 
Authenticated access should be encrypted if possible.

Easier for the admin and the users would be to put squid
on the box, and have it proxy ftp.

After removing access to the internal lan of course,
moving it to properly within the dmz.

Matt


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]