[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] slightly OT - multihoming (?)
Hi, Thanks for all your replies so far. The problem is that I know it's very bad practice, but I need to show my collegues a document, link, etc. that says it, and why. ..perhaps I should just build a single page website saying it's bad practice and hope they go for it.... rich the new box is being built on debian, if that's any help with regards to securing it - if they are going to insist that it stays multihomed. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Cheth Cheth Sent: 27 May 2002 13:13 To: [email protected] Subject: Re: [FW-1] slightly OT - multihoming (?) For my 2c.... This is a VERY BAD practice. The reason why you use a DMZ for your server(s), rather than leaving them on your secured internal LAN, is incase it is compromised. Once on the compromised box on the DMZ, you only get a free go at attacking the rest of the machines on the DMZ. In your configuration, you get a free go at all of your precious internal servers. I had to educate some colleague that had done the same thing a few years ago. Regards, C. ----- Original Message ----- From: "Richard Marshall" <[email protected]> To: <[email protected]> Sent: Monday, May 27, 2002 12:20 PM Subject: [FW-1] slightly OT - multihoming (?) > Hello, > > Sorry this is slightly off-topic, but I can't find any appropriate > information on the net. > > I need to know how 'safe' mutlihoming a computer is.... > > Some of my collegues have built a backup computer (veritas software, > routing disabled - I hope!!) that has 2 NICs in it. One with an IP on > our public facing DMZ, one with an IP on our secure internal LAN. I am > strongly against this setup as I feel it compromises the security of > our internal LAN, but I can't find any information that will confirm > or deny this. Could someone please advise me, or know any where that I > can find some specific information on this? > > Thanks in advance > > rich > > > Richard Marshall > Network Systems Manager > NetDoktor > Tel: + 44 20 7681 8470 > Mobile: + 44 7980 865 306 > MSN Messenger: [email protected] > E-mail: [email protected] > http://www.netdoktor.com > ----------------------- > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|