[Dshield] Multi- Honed Servers
rhilliard at t-systemsus.com
Tue May 28 19:26:21 GMT 2002
This is part of the homework. ;-)
I'm getting a lot of requests to put NICs into servers that will actually
bypass the firewalls. Thanks for the point in the right direction.
Mark Rowlands <mark.rowlands at minmail.net>
05/28/2002 02:08 PM
To: list at dshield.org, rhilliard at t-systemsus.com
Subject: Re: [Dshield] Multi- Honed Servers
On Tuesday 28 May 2002 6:27 pm, rhilliard at t-systemsus.com wrote:
> I am researching the security practice of using multiple network
> interfaces in servers.
homework is it then ;-)
> I don't have a recommendation either way yet, it
> seems that throwing more interface cards into a server may not be the
> way to secure networks.
I don't see how it achieves.
> It seems a little more like "hiding" a network as
> opposed to securing it.
I don't see how it achieves this either.
> I am looking for any thoughts on this
here are some thoughts :-
the safest server is one without network cards, keyboard, mouse or
That given, it is rather irrelevant, having more or less network cards
no difference unless it is to separate networks and then access is policed
some form of rules based routing.
I suppose you could argue that adding interfaces can remove the single
of failure and I would always do that in any vaguely important machine.
I have seen a network where multiple network cards were used in terminal
servers which were then plugged into both sides of a firewall effectively
bypassing the firewall that was supposed to protect them!
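
Added example, not part of either message above: a short Python audit that flags hosts whose interfaces sit in more than one firewall zone, the situation described for the terminal servers, while leaving redundant NICs inside a single zone alone. The zone names, address ranges, host inventory and severity labels are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: which address ranges sit on which side of the firewall.
ZONES = {
    "outside": ipaddress.ip_network("192.0.2.0/24"),
    "dmz": ipaddress.ip_network("198.51.100.0/24"),
    "inside": ipaddress.ip_network("10.0.0.0/8"),
}

# Constructed inventory: one entry per host, one address per interface.
INVENTORY = [
    {"host": "web01", "ips": ["198.51.100.10"], "ip_forward": False},
    {"host": "ts01", "ips": ["198.51.100.20", "10.1.2.20"], "ip_forward": False},
    {"host": "db01", "ips": ["10.1.2.30", "10.1.3.30"], "ip_forward": False},
    {"host": "gw-old", "ips": ["192.0.2.5", "10.9.9.5"], "ip_forward": True},
    {"host": "lab07", "ips": ["172.16.4.7"], "ip_forward": False},
]

def zone_of(ip):
    """Return the zone name containing ip, or None if no zone covers it."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def audit(inventory):
    """Return (host, severity, reason) tuples for hosts that need attention."""
    findings = []
    for entry in inventory:
        zones, unmapped = set(), []
        for ip in entry["ips"]:
            zone = zone_of(ip)
            if zone is None:
                unmapped.append(ip)
            else:
                zones.add(zone)
        if len(zones) > 1:
            # A host in two zones is a path around the firewall once it is
            # compromised; with forwarding enabled it is already a router.
            severity = "high" if entry["ip_forward"] else "medium"
            findings.append((entry["host"], severity,
                             "straddles " + "+".join(sorted(zones))))
        if unmapped:
            # Addresses outside every known zone cannot be judged either way.
            findings.append((entry["host"], "review",
                             "unmapped address " + ",".join(unmapped)))
    return findings

if __name__ == "__main__":
    for host, severity, reason in audit(INVENTORY):
        print(f"{severity:6} {host:8} {reason}")
```

db01 has two interfaces but both are inside the same zone, so it is not reported: that is the redundancy case, not the bypass case.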