[Dshield] Multi- Honed Servers

Johannes Ullrich jullrich at sans.org
Thu May 30 14:21:48 GMT 2002


I know I am coming in late on this topic...

 > I getting a lot of requests to put NIC's into servers that will
actaully 
 > bypass the firewalls. Thanks for the point in the right direction.

Thats a TERRIBLE thing to do. Same issue as rogue dial-up modems on
LANs. It completely defeats the purpose of a firewall.

Every connection to the outside needs a firewall. How this is
implemented in detail depends largely on the local needs and means.
Most of the time, people use two physical firewall boxes for fail-over.


 
-- 
---------------------------------------------------------------
jullrich at sans.org             Collaborative Intrusion Detection         
                                     join http://www.dshield.org




More information about the list mailing list