Home page logo
/

basics logo Security Basics mailing list archives

RE: Question about dmz security
From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Mon, 17 Feb 2003 19:14:20 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

what is the "best" way to implement this
configuration?

Well, you are right that you don't want two NICs in the FTP server,
but remember that you also don't need to pass anything from the FTP
server into the LAN.  Most good firewalls these days can handle the
complexities of FTP connections well enough that they don't require
statically assigned paths into protected networks for clients behind
the firewall to be able to use FTP with a host outside of it.

In short, you simply allow OUTBOUND connections (from your protected
network to your FTP server in the DMZ) through your firewall, and
this will enable you to use the resource while still not letting any
new connections from the DMZ (including your FTP server) to your
internal LAN.

- -danielrm26

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPlF6z1Jwf7WiYT5vEQLZzQCguOuH6m1PVPbUs/UK3CEf1K8o1wEAoIW1
JX+jNUtpO1oUNKjaqxN0XbGZ
=JI/x
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]