Bart Nikota wrote:
>
> Hi all!
>
> Sorry for the off topic, but I'm brain dead right now. ;-)
>
> I want to know if there would be any security risks in having two NICs in a web server
> on the DMZ with different classes of IP address.
>
> ie. Web services on 10.x.x.x and local network traffic on a 192.168.x.x.
>
> I want to be able to back up stuff on the web server from the PROtected side without
> using Tunnels or PassThrough. Using GBPro3.1.3s and WinNT4 for Webserving.
>
> Your thoughts appreciated,
>
> Bart

If I understand what you are wanting to do, you want your web server in the DMZ AND on the local network. That defeats the purpose of the DMZ. Your web server isn't isolated; you have nothing controlling traffic between the web server and your network. If your web server is breached, your internal network is available to all.

Not a theoretical risk, either: look at CodeRed II or Nimda. If your server was vulnerable, you would be attacked through port 80 (passed by the firewall, and probably within 30 minutes of setting up the box!), it was taken over via port 80, it would then broadcast its vulnerability to the world. Now, anyone who was probed by your machine could look back at your system, and do virtually anything with it, including exploring your now unprotected network, all through port 80...

Not a good plan. NT and IIS have proven broken in the past; I wouldn't bet your data you have seen the last patch kits for them.

Nick.
--
http://www.holland-consulting.net
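
An added example, not part of the original thread: a small audit that flags hosts with NICs in both the DMZ and the internal range, the dual-homed layout discussed above. The zone ranges follow the addressing in the question; the host names, addresses and the `ENFORCEMENT_POINTS` allow-list are constructed assumptions.

```python
import ipaddress

# Assumed zone layout, taken from the addressing in the question.
ZONES = {
    "dmz": ipaddress.ip_network("10.0.0.0/8"),
    "internal": ipaddress.ip_network("192.168.0.0/16"),
}

# Constructed inventory: hostname -> addresses bound to its NICs.
SAMPLE_INVENTORY = {
    "web01": ["10.1.1.20", "192.168.5.20"],   # the dual-homed design asked about
    "web02": ["10.1.1.21"],
    "backup01": ["192.168.5.40"],
    "fw01": ["10.1.1.1", "192.168.5.1", "203.0.113.2"],
}

# Hosts that are meant to span zones because they enforce policy between them.
ENFORCEMENT_POINTS = frozenset({"fw01"})


def zones_for(addresses):
    """Return the set of zone names the given addresses fall into."""
    found = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        for name, net in ZONES.items():
            if ip in net:
                found.add(name)
    return found


def find_bridging_hosts(inventory, allowed=frozenset()):
    """Map each non-firewall host with NICs in more than one zone to those zones."""
    findings = {}
    for host, addresses in sorted(inventory.items()):
        zones = zones_for(addresses)
        if len(zones) > 1 and host not in allowed:
            findings[host] = sorted(zones)
    return findings


if __name__ == "__main__":
    hits = find_bridging_hosts(SAMPLE_INVENTORY, ENFORCEMENT_POINTS)
    for host, zones in hits.items():
        print(f"{host}: reachable path around the firewall between {' and '.join(zones)}")
```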
