[Dshield] Multi-Homed Servers

Samantha Fetter sama at enteract.com
Thu May 30 12:59:42 GMT 2002


Just to throw another 2 cents in here, where I work we also don't allow
crossing a firewall boundary on switches, i.e. having the two
separate VLANs from either side of the firewalls on the same switch.

Cheers,
Samantha

> > I'm getting a lot of requests to put NICs into servers that will actually
> > bypass the firewalls. Thanks for the point in the right direction.
> 
> Maybe it's just me, but doesn't that completely defeat the purpose of a firewall?
> 
> Assuming a non-routing server with NICs on the external network and
> NICs on the internal network, it becomes rather trivial to leapfrog
> the firewall and have complete access to the internal network...
