[Dshield] Multi- Honed Servers
sama at enteract.com
Thu May 30 12:59:42 GMT 2002
Just to throw another 2cents in here, where I work we also don't allow
crossing a firewall boundary on switches, i.e. having the two
separate VLANs from either side of the firewalls on the same switch.
> > I getting a lot of requests to put NIC's into servers that will actaully
> > bypass the firewalls. Thanks for the point in the right direction.
> Maybe it's just me, but doesn't that completely defeat the purpose of a firewall?
> Assuming a non-routing server with NICs on the external network and
> NICs on the internal network, it becomes rather trivial to leapfrog
> the firewall and have complete access to the internal network...
More information about the list