Security Basics mailing list archives
Re: Question about dmz security
From: Chuck Swiger <cswiger () mac com>
Date: Sat, 15 Feb 2003 13:11:27 -0500
Jennifer Fountain wrote:
> I need an opinion on a current design implementation in place. We have an ftp server sitting in our dmz. This box has two nics - one is plugged into the dmz hub and one is plugged into our network. I think this is a security risk and we should just allow internal users access to the box via the firewall by opening the port instead of having dual nics.
It is a security risk, yes. If an intruder gains access to the FTP server, this dual-homed machine will also grant access to the internal network, by going around (not through) the firewall between your DMZ and internal network.
> they do not see a security risk. maybe i am just too new at this and need some education.
If so, there are probably worse places to begin than thinking the situation over carefully, and then double-checking with others to see whether you were right.
> what is the "best" way to implement this configuration?
Your suggested approach is the '"best" way', for that configuration. However, better configurations may also be possible: in particular, if your users can use scp (sftp, rsync, etc) to access the FTP server. Authenticated access should be encrypted if possible.
If one's users aren't able or willing to switch, I'd even consider setting up an internal-only FTP server which gets rsync'ed to the anonymous FTP server in your DMZ. One could do so via cron every minute, or one could use the internal FTP server as a staging area. Before pushing changes live, you could do something like scan for viruses, double-check that the archives are not corrupted, or whatever else might be appropriate.
-Chuck
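
The staging idea in the reply above, sketched as an added example that is not part of the original message: archives are integrity-checked (and virus-scanned if clamscan is installed) before rsync pushes them to the DMZ host. It assumes the push is started from the internal server over ssh; the host name, account, paths and script name are placeholders.

```shell
#!/bin/sh
# Added example: gate a staging directory before it is pushed to the DMZ FTP host.
# Assumed cron entry on the INTERNAL server (every minute, as the reply suggests):
#   * * * * * /usr/local/bin/publish.sh /srv/staging ftpsync@dmz-ftp.example:/srv/ftp/pub/
# Script path, account, host and directories above are placeholders.

# Return 0 if the file passes an integrity test for its type.
archive_ok() {
    case "$1" in
        *.tar.gz|*.tgz) tar -tzf "$1" >/dev/null 2>&1 ;;
        *.gz)           gzip -t "$1" 2>/dev/null ;;
        *.zip)          unzip -tq "$1" >/dev/null 2>&1 ;;
        *)              return 0 ;;   # not an archive: nothing to test
    esac
}

# Test every regular file under the staging directory.
# Returns 1 and lists the failures on stderr if any archive is corrupt.
check_staging() {
    bad=$(find "$1" -type f | while IFS= read -r f; do
        archive_ok "$f" || printf '%s\n' "$f"
    done)
    [ -z "$bad" ] && return 0
    printf 'corrupt archives:\n%s\n' "$bad" >&2
    return 1
}

# publish STAGING_DIR DEST
# Nothing is copied unless every check passes.
publish() {
    check_staging "$1" || { echo "refusing to publish" >&2; return 1; }
    if command -v clamscan >/dev/null 2>&1; then
        # clamscan exits non-zero when a file is infected or the scan errors out
        clamscan -r --quiet "$1" || { echo "virus scan failed" >&2; return 2; }
    fi
    # The connection is opened from the inside out, so the firewall needs
    # no rule that lets the DMZ host reach the internal network.
    rsync -a --delete -e ssh "$1"/ "$2"
}

if [ "$#" -eq 2 ]; then
    publish "$1" "$2"
fi
```

Because the internal server opens the connection, the DMZ machine needs neither a second NIC nor credentials for anything on the internal network.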
