Security Basics mailing list archives
RE: DMZ and VPN
From: "Fields, James" <James.Fields () bcbsfl com>
Date: Tue, 18 Feb 2003 12:40:47 -0500
I'm not sure I understand the question. You mean having the same box acting as both a DMZ FTP server and also an endpoint for VPN tunnels? That's seriously complicating things. Primary rule for security: simplify. If you can't figure out the implications of doing something, you probably can't secure it.

In this particular case, if you landed VPNs on a DMZ host, you'd have to allow that host unfettered access through the firewall OR give it an internal NIC. Both are terrible options; in fact, at my company, NEITHER is acceptable.

-----Original Message-----
From: Security Manager [mailto:sec_man1234 () yahoo com]
Sent: Monday, February 17, 2003 12:30 PM
To: security-basics () securityfocus com
Subject: DMZ and VPN

I've been following the thread on FTP servers in the DMZ with interest. I'm curious as to how it applies to a server providing VPN access using Win2k Server's Routing and Remote Access.

Given that the VPN is supposed to give access to the private network to external clients (who can authenticate), how can you avoid having at least one interface on the local network? Surely the best you can do is have one interface on the private network, and the other in a DMZ (behind the firewall) - but you've still the problem if the VPN provider is compromised! How do you solve that one?

TIA - SecMan.