[ale] network question

Wandered Inn esoteric at denali.atlnet.com
Tue Aug 14 06:10:12 EDT 2001


Joseph Andrew Knapka wrote:
> Afterthought... this sort of setup could be a security hole, in
> that if a cracker gets access to your DMZ, they might be more
> easily able to get inside your internal net, if a box logically on
> the internal net (with which e.g. cleartext passwords might sometimes
> be exchanged) physically lives on the DMZ segment.

Ah, that is a concern as well.  My assumption is that if there is no
route to this box from the primary firewall that's connected to the
internet, then I'm okay.  I'm not so much concerned with someone getting
access to this box as I am them using it to get to my internal network.

So how much safer, if at all, is this setup than just putting this
box on the dmz subnet itself? Am I simply relying on 'security by
obscurity?'  My thinking was that by putting it on its own subnet (by
itself), I've provided some protection.

The only way to get to this box would be via the gateway that sits
between the dmz and the internal network, and the primary firewall
cannot 'see' this box. True assumptions?

I guess the safest solution is either another hub, or adding another nic to
my internal gateway and hooking it to this box?

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The latter cannot understand it when a man does not thoughtlessly submit
to hereditary prejudices but honestly and courageously uses his
intelligence." - Albert Einstein