[Dshield] Multi-Homed Servers
mark.rowlands at minmail.net
Tue May 28 19:08:57 GMT 2002
On Tuesday 28 May 2002 6:27 pm, rhilliard at t-systemsus.com wrote:

> I am researching the security practice of using multiple network
> interfaces in servers.

homework is it then ;-)

> I don't have a recommendation either way yet, it
> seems that throwing more interface cards into a server may not be the best
> way to secure networks.

I don't see how it achieves.

> It seems a little more like "hiding" a network as
> opposed to securing it.

I don't see how it achieves this either.

> I am looking for any thoughts on this

here are some thoughts :-

the safest server is one without network cards, keyboard, mouse or monitor.
That given, it is rather irrelevant, having more or less network cards makes
no difference unless it is to separate networks and then access is policed by
some form of rules based routing.

I suppose you could argue that adding interfaces can remove the single point
of failure and I would always do that in any vaguely important machine.

I have seen a network where multiple network cards were used in terminal
servers which were then plugged into both sides of a firewall effectively
bypassing the firewall that was supposed to protect them!
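
The dual-homed terminal servers described in the message above can be caught with an inventory audit. The following is an added example, not part of the original post: it flags hosts whose interfaces sit in more than one firewall zone while ignoring redundant NICs within a single zone. The zone map, host names, addresses and the `ip_forward` field are all constructed assumptions.

```python
import ipaddress

# Constructed zone map: which subnets sit on which side of the firewall.
ZONES = {
    "internal": [ipaddress.ip_network("10.10.0.0/16")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}

# Constructed inventory: host -> interface addresses and forwarding state.
INVENTORY = {
    "ts01": {"addrs": ["10.10.4.21", "192.0.2.21"], "ip_forward": False},
    "ts02": {"addrs": ["10.10.4.22", "192.0.2.22"], "ip_forward": True},
    "db01": {"addrs": ["10.10.8.5", "10.10.9.5"], "ip_forward": False},
    "web01": {"addrs": ["192.0.2.80"], "ip_forward": False},
    "lab07": {"addrs": ["10.10.4.30", "172.16.5.30"], "ip_forward": False},
}


def zone_of(addr):
    """Return the zone name for an address, or 'unknown' if unmapped."""
    ip = ipaddress.ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "unknown"


def audit(inventory):
    """List (host, zones, severity) for hosts attached to two or more zones."""
    findings = []
    for host, info in sorted(inventory.items()):
        zones = sorted({zone_of(a) for a in info["addrs"]})
        if len(zones) < 2:
            continue  # redundant NICs inside one zone do not cross the firewall
        # A straddling host that also forwards packets is a live bypass path;
        # one that does not is still a pivot point and needs review.
        severity = "high" if info["ip_forward"] else "review"
        findings.append((host, zones, severity))
    return findings


if __name__ == "__main__":
    for host, zones, severity in audit(INVENTORY):
        print(f"{severity:6} {host} spans {', '.join(zones)}")
```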