> I need an opinion on a current design implementation in place. We have
> an FTP server sitting in our DMZ. This box has two NICs: one is
> plugged into the DMZ hub and one is plugged into our network. I think
> this is a security risk and we should just allow internal users access
> to the box via the firewall by opening the port instead of having dual
> NICs. They do not see a security risk. Maybe I am just too new at this
> and need some education. What is the "best" way to implement this
> configuration?
The best way is as you suggested. Just have one NIC and force all traffic through the firewall. That is the whole point of a DMZ. In your current setup, if someone compromises the FTP server they will have access to your entire internal network without any firewall in their way.

Mike
--
Michael J. Cunningham (CISSP, SCNA, SCSA, CCSA)
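As an added illustration of the single-NIC design recommended above (this is not a ruleset from the original thread or from the poster's site), here is an nftables forward policy on the firewall that sits between the three segments. Interface names (lan0, dmz0, wan0), the FTP server address 192.0.2.10 and the passive data-port range 49152-49200 are assumptions chosen for the example; the point is that the internal network reaches the FTP server only through an explicit rule, and nothing originating in the DMZ is forwarded to the internal network, so a compromised FTP host gets no free path inward.

```nft
# Added example ruleset (assumption: interfaces lan0 = internal, dmz0 = DMZ,
# wan0 = Internet; FTP server in the DMZ at 192.0.2.10). Not from the original post.
table inet dmz_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the firewall already accepted.
        # Loading the nf_conntrack_ftp helper lets "related" also cover
        # FTP data connections negotiated inside the control channel.
        ct state established,related accept

        # Internal users may open FTP control connections to the server.
        iifname "lan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport 21 accept

        # Passive-mode data ports, if the server is pinned to a fixed range
        # (assumed range; match it to the FTP server's configuration).
        iifname "lan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport 49152-49200 accept

        # Assumed: the same service is published to the Internet.
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport 21 accept
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport 49152-49200 accept

        # The DMZ may never initiate connections toward the internal network.
        # This is the traffic the second NIC would have let through unfiltered.
        iifname "dmz0" oifname "lan0" counter drop
    }
}
```

The counter on the last rule is worth keeping: a DMZ host that starts generating hits against it is exactly the symptom you would want to notice after a compromise. Active-mode FTP, where the server connects back to the client, needs the conntrack FTP helper or the client forced to passive mode; with the dual-NIC layout that question never came up because the traffic simply bypassed the firewall.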