[Dshield] Multi- Honed Servers
russ.washington at vaultsentry.com
Tue May 28 18:47:33 GMT 2002
If you're talking about multihoming servers whose purpose is something other
than security (or at least acting as a VPN gateway), this is probably a
really bad idea. Security should be left to the firewall(s).

If you're talking about a server acting as a VPN gateway, that's still not
the best idea, but if it's behind a firewall itself you could restrict the
kind of traffic that can hit the 'public' side.

If you're talking about a server that *is* a firewall, like Checkpoint or
something, that's still not the best (my bias-- I don't like firewalls that
sit on top of a favorite-target OS with a well-known rep for security
holes), but it's better than the VPN gateway-only option.

Those are just some preliminaries, since you didn't describe what kind of
topology these multihomed boxes are going to live in... Hope it helps.
From: rhilliard at t-systemsus.com [mailto:rhilliard at t-systemsus.com]
Sent: Tuesday, May 28, 2002 9:27 AM
To: list at dshield.org
Subject: [Dshield] Multi- Honed Servers
I am researching the security practice of using multiple network
interfaces in servers. I don't have a recommendation either way yet; it
seems that throwing more interface cards into a server may not be the best
way to secure networks. It seems a little more like "hiding" a network as
opposed to securing it. I am looking for any thoughts on this.