IIS Server Security - Dual NIC - Separate Red and Green Side Network on Same Machine

JumpingMattFlash

2006-01-06, 7:58 am

I'm trying to avoid a problem which we've got with our current web server
setup.

For any of the servers which we have in the DMZ for web access - i.e. our
web servers, these do not have access to our internal network. For obvious
reasons.

However we've just taken delivery of a nice new server with dual NICs. I'm
wondering if there is a way in which we can securely assign one NIC in the
DMZ which will only answer to IIS related activities, and use the other NIC
for internal use, administration, remote desktop etc.

Many thanks in advance,
Matt Brooke
--
=============
VB .NET Developer
http://www.rocketscience.uk.com

Phil Frisbie, Jr.

2006-01-06, 5:56 pm

JumpingMattFlash wrote:
> I'm trying to avoid a problem which we've got with our current web server
> setup.


You did not specify the problem....

> For any of the servers which we have in the DMZ for web access - i.e. our
> web servers, these do not have access to our internal network. For obvious
> reasons.


Obviously.

> However we've just taken delivery of a nice new server with dual NICs. I'm
> wondering if there is a way in which we can securely assign one NIC in the
> DMZ which will only answer to IIS related activities, and use the other NIC
> for internal use, administration, remote desktop etc.


Yes you can, but if you connect the second NIC directly to your internal network
you have just punched a hole in your firewall! Think about it. If your web
server is compromised it can be used as a jumping off point into your internal
network. And if you put another firewall between it and your internal network
then you might just as well go through your DMZ anyway.

Of course, there are ways that second NIC could be useful. Maybe if your
administrators are on an isolated LAN there could be advantages to setting up a
second firewall that had different security settings to the web server.

Or some use that second NIC to connect to a database server.

But the main use of a second NIC on a server is for redundancy.

> Many thanks in advance,
> Matt Brooke


--
Phil Frisbie, Jr.
Hawk Software
http://www.hawksoft.com
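
A listener audit for the split asked about in this thread (IIS answering only on the DMZ NIC, Remote Desktop only on the internal NIC), as an added example that is not part of either post. The two addresses, the per-NIC port policy and the `netstat -ano` sample are constructed assumptions.

```python
import ipaddress

# Assumed policy (hypothetical addresses): TCP ports each NIC may listen on.
DMZ_IP = "192.0.2.10"       # constructed: NIC in the DMZ, IIS only
INTERNAL_IP = "10.0.0.10"   # constructed: NIC for administration / RDP
POLICY = {DMZ_IP: {80, 443}, INTERNAL_IP: {3389}}

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    192.0.2.10:80          0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:443         0.0.0.0:0              LISTENING       4
  TCP    10.0.0.10:1433         0.0.0.0:0              LISTENING       2044
  TCP    192.0.2.10:80          198.51.100.7:51544     ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

def parse_listeners(text):
    """Yield (ip, port, pid) for every TCP socket in the LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue  # header, UDP, or a non-listening connection
        host, _, port = f[1].rpartition(":")
        yield host.strip("[]"), int(port), int(f[4])

def audit(text, policy=POLICY):
    """Return (ip, port, pid, reason) for listeners that break the policy."""
    findings = []
    for ip, port, pid in parse_listeners(text):
        if ipaddress.ip_address(ip).is_unspecified:
            # A wildcard bind answers on every NIC, so test it against each.
            bad = sorted(nic for nic, ok in policy.items() if port not in ok)
            if bad:
                reason = "wildcard bind reachable on " + ", ".join(bad)
                findings.append((ip, port, pid, reason))
        elif ip in policy and port not in policy[ip]:
            findings.append((ip, port, pid, "port not allowed on this NIC"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Per-NIC binding only limits what each network can reach on the server; as the reply above points out, a compromised web server with a leg on the internal network can still be used as a jumping off point into it.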