[Dshield] Multi- Honed Servers

rhilliard at t-systemsus.com
Tue May 28 19:26:21 GMT 2002

This is part of the homework. ;-)

I am getting a lot of requests to put NICs into servers that will actually 
bypass the firewalls. Thanks for the point in the right direction.


Mark Rowlands <mark.rowlands at minmail.net>
05/28/2002 02:08 PM

        To:     list at dshield.org, rhilliard at t-systemsus.com
        Subject:        Re: [Dshield] Multi- Honed Servers

On Tuesday 28 May 2002 6:27 pm, rhilliard at t-systemsus.com wrote:
> I am researching the security practice of using multiple network
> interfaces in servers.

homework is it then ;-)

> I don't have a recommendation either way yet,  it
> seems that throwing more interface cards into a server may not be the 
> way to secure networks. 

I don't see how it achieves.

> It seems a little more like "hiding" a network as
> opposed to securing it. 

I don't see how it achieves this either.

> I am looking for any thoughts on this

here are some thoughts :-

the safest server is one without network cards, keyboard, mouse or 

That given, it is rather irrelevant, having more or less network cards makes 
no difference unless it is to separate networks and then access is policed by 
some form of rules based routing. 

I suppose you could argue that adding interfaces can remove the single point 
of failure and I would always do that in any vaguely important machine.

I have seen a network where multiple network cards were used in terminal 
servers which were then plugged into both sides of a firewall effectively 
bypassing the firewall that was supposed to protect them!
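
An added example, not part of the original thread: a small audit that flags hosts whose interfaces sit in more than one firewall zone, the situation described above for the terminal servers. The zone ranges, host names, addresses and the approved-gateway list are all constructed for illustration.

```python
import ipaddress

# Constructed zone map: which address ranges sit on which side of the firewall.
ZONES = {
    "outside": ["192.0.2.0/24"],
    "dmz": ["198.51.100.0/24"],
    "inside": ["10.0.0.0/8"],
}
# Devices that are supposed to join zones and enforce policy between them.
APPROVED_GATEWAYS = {"fw01"}

# Constructed inventory: host name -> addresses configured on its interfaces.
INVENTORY = {
    "fw01": ["192.0.2.1", "198.51.100.1", "10.0.0.1"],
    "web01": ["198.51.100.10"],
    "ts01": ["192.0.2.50", "10.1.2.50"],   # terminal server on both sides
    "db01": ["10.1.2.20", "10.1.3.20"],    # two NICs, same zone (redundancy)
    "lab07": ["10.9.9.7", "172.16.5.7"],   # second NIC on an undocumented network
}

def zone_of(addr, zones=ZONES):
    """Return the zone whose most specific network contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for name, cidrs in zones.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if ip.version == net.version and ip in net:
                if best is None or net.prefixlen > best[1]:
                    best = (name, net.prefixlen)
    return best[0] if best else None

def find_bypass_hosts(inventory=INVENTORY, zones=ZONES, approved=APPROVED_GATEWAYS):
    """Map each unapproved host that spans zones to the sorted zones it touches."""
    findings = {}
    for host, addrs in inventory.items():
        touched = {zone_of(a, zones) or "unmapped" for a in addrs}
        if len(touched) > 1 and host not in approved:
            findings[host] = sorted(touched)
    return findings

if __name__ == "__main__":
    for host, touched in sorted(find_bypass_hosts().items()):
        print(f"{host}: interfaces in {', '.join(touched)}")
```

A host with several interfaces in one zone (db01) is not flagged; only hosts that join zones without being a designated policy-enforcing gateway are reported.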
