[Dshield] Multi- Honed Servers

Joshua Krage jkrage at guisarme.net
Wed May 29 02:32:14 GMT 2002


On Tue, May 28, 2002 at 11:27:06AM -0500, rhilliard at t-systemsus.com wrote:
> I am researching the security practice of using multiple network 
> interfaces in servers. I don't have a recommendation either way yet,  it 
> seems that throwing more interface cards into a server may not be the best 
> way to secure networks. It seems a little more like "hiding" a network as 
> opposed to securing it. I am looking for any thoughts on this

It depends.

If the multi-homed networks are on networks of differing security levels
(such as inside versus outside of the firewall), then this is can be a
bad thing.  If the various networks are under the same security level,
then the risk is reduced.  Having all of the various networks under the
same administrative control can really help.  But it really depends on
what you're doing.

There are situations where a multi-homed host can be advantageous.  One
case is a low-cost storage area network (SAN-a-like).  Put the "public"
interface on the public network with only the minimally necessary
services, such as a web server.  Put a second interface in the system
with a connection to a network containing other servers and the network
attached storage system.  In theory, if your web server is secure, then
your SAN-a-like is secure.

In most environments, the SAN-a-like should not be connected to another
network; i.e. it should be isolated and accessible only by the necessary
systems.

The use of multiple interfaces can help to maintain a robust exterior
presence, but with some of the convenience of less-secure protocols
or environments, that remain unaccessible from outside.

That said, you need to clearly understand the risks of such a scenario.
Its certainly more complex, and there are more contingent risks to
consider.  If the public box is compromised, then your other network
segment is at risk.  But what if that risk is less than .00000001 per
annum?  Is it worth it then?  If your alternate plan has a higher risk?

Like most things in this industry, simple answers don't work for all
cases.  The best answer is frequently "it depends". :)




More information about the list mailing list