> I need an opinion on a current design implementation in place. We have
> an FTP server sitting in our DMZ. This box has two NICs - one is
> plugged into the DMZ hub and one is plugged into our network. I think
> this is a security risk and we should just allow internal users access
> to the box via the firewall by opening the port instead of having dual
> NICs. They do not see a security risk. Maybe I am just too new at this
> and need some education. What is the "best" way to implement this
> configuration?

What part of when the computer gets compromised (that is why it is in the DMZ in the first place) and the hacker now has complete access to the internal network do they not understand?

The purpose of a DMZ zone is an untrusted no-man's-land that is exposed to the Internet while being separated from the internal LAN. Having a NIC on the internal network on a computer in the DMZ is providing a direct link for the Internet into your LAN.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
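
An added example, not part of the original thread: an inventory check that flags any host holding addresses in both the DMZ and the internal range, which is the dual-homed condition the reply describes. The zone CIDRs, host names and trimmed `ip -o -4 addr show` lines are constructed sample data.

```python
import ipaddress

# Assumed zone layout (constructed sample ranges, not from the thread).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# Constructed inventory: trimmed `ip -o -4 addr show` output per host.
INVENTORY = {
    "ftp01": [
        "1: lo    inet 127.0.0.1/8 scope host lo",
        "2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0",
        "3: eth1    inet 10.1.4.20/16 brd 10.1.255.255 scope global eth1",
    ],
    "web01": [
        "1: lo    inet 127.0.0.1/8 scope host lo",
        "2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0",
    ],
}


def zones_of(lines):
    """Map zone name -> interface names that hold an address in that zone."""
    found = {}
    for line in lines:
        fields = line.split()
        if "inet" not in fields:
            continue
        ifname = fields[1]
        ip = ipaddress.ip_interface(fields[fields.index("inet") + 1]).ip
        if ip.is_loopback:
            continue
        for zone, net in ZONES.items():
            if ip in net:
                found.setdefault(zone, []).append(ifname)
    return found


def bridging_hosts(inventory):
    """Return hosts with interfaces in more than one zone, with those zones."""
    report = {}
    for host, lines in inventory.items():
        zones = sorted(zones_of(lines))
        if len(zones) > 1:
            report[host] = zones
    return report


if __name__ == "__main__":
    for host, zones in bridging_hosts(INVENTORY).items():
        print(f"{host}: dual-homed across {', '.join(zones)}")
```

A host reported here bypasses the firewall between the two zones regardless of the firewall's rule set, so the finding is about topology rather than packet filtering.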
