RE: DMZ and VPN
From: "Fields, James" <James.Fields () bcbsfl com>
Date: Tue, 18 Feb 2003 12:40:47 -0500
I'm not sure I understand the question. You mean having the same box acting as
both a DMZ FTP server and also an endpoint for VPN tunnels? That's
seriously complicating things. Primary rule for security: simplify. If
you can't figure out the implications of doing something, you probably can't
secure it. In this particular case, if you landed VPNs on a DMZ host, you'd
have to allow that host unfettered access through the firewall OR give it an
internal NIC. Both are terrible options; in fact, at my company, NEITHER

From: Security Manager [mailto:sec_man1234 () yahoo com]
Sent: Monday, February 17, 2003 12:30 PM
To: security-basics () securityfocus com
Subject: DMZ and VPN

I've been following the thread on FTP servers in the DMZ with interest.
I'm curious as to how it applies to a server providing VPN access using
Win2k Server's Routing and Remote Access.
Given that the VPN is supposed to give access to the private network to
external clients (who can authenticate) how can you avoid having at
least one interface on the local network? Surely the best you can do is
have one interface on the private network, and the other in a DMZ
(behind the firewall) - but you've still the problem if the VPN provider
How do you solve that one?
TIA - SecMan.