Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] slightly OT - multihoming (?)

To: [email protected]
Subject: Re: [FW-1] slightly OT - multihoming (?)
From: Cheth Cheth <[email protected]>
Date: Mon, 27 May 2002 13:12:59 +0100
References: <000201c20570$81fd6aa0$e4060b0a@uklukxp1>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

For my 2c....

This is a VERY BAD practice.

The reason why you use a DMZ for your server(s), rather than leaving them on
your secured internal LAN, is incase it is compromised. Once on the
compromised box on the DMZ, you only get a free go at attacking the rest of
the machines on the DMZ. In your configuration, you get a free go at all of
your precious internal servers.

I had to educate some colleague that had done the same thing a few years
ago.

Regards,

C.

----- Original Message -----
From: "Richard Marshall" <[email protected]>
To: <[email protected]>
Sent: Monday, May 27, 2002 12:20 PM
Subject: [FW-1] slightly OT - multihoming (?)


> Hello,
>
> Sorry this is slightly off-topic, but I can't find any appropriate
> information on the net.
>
> I need to know how 'safe' mutlihoming a computer is....
>
> Some of my collegues have built a backup computer (veritas software,
> routing disabled - I hope!!) that has 2 NICs in it. One with an IP on
> our public facing DMZ, one with an IP on our secure internal LAN. I am
> strongly against this setup as I feel it compromises the security of our
> internal LAN, but I can't find any information that will confirm or deny
> this. Could someone please advise me, or know any where that I can find
> some specific information on this?
>
> Thanks in advance
>
> rich
>
>
> Richard Marshall
> Network Systems Manager
> NetDoktor
> Tel: + 44 20 7681 8470
> Mobile: + 44 7980 865 306
> MSN Messenger: [email protected]
> E-mail: [email protected]
> http://www.netdoktor.com
> -----------------------
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] slightly OT - multihoming (?)
  - From: Richard Marshall <[email protected]>

References:
- [FW-1] slightly OT - multihoming (?)
  - From: Richard Marshall <[email protected]>

Prev by Date: Re: [FW-1] slightly OT - multihoming (?)
Next by Date: Re: [FW-1] slightly OT - multihoming (?)
Previous by thread: Re: [FW-1] slightly OT - multihoming (?)
Next by thread: Re: [FW-1] slightly OT - multihoming (?)
Index(es):
- Date
- Thread