Jennifer Fountain wrote:
It is a security risk, yes. If an intruder gains access to the FTP server, this dual-homed machine will also grant access to the internal network; by going around (not through) the firewall between your DMZ and internal network.I need an opinion on a current design implementation in place. We have an ftp server sitting in our dmz. This box has two nics - one is plugged into the dmz hub and one is plugged into our network. I think this is a security risk and we should just allow internal users access to the box via the firewall by opening the port instead of having dual nics.
> they do not see a security risk. maybe i am just too new at this
If so, there are probably worse places to begin than thinking the situation over carefully, and then double-checking with others to see whether you were right.and need some education.
> what is the "best" way to implement this configuration?
Your suggested approach is the '"best" way', for that configuration.
However, better configurations may also be possible: in particular, if your users can use scp (sftp, rsync, etc) to access the FTP server. Authenticated access should be encrypted if possible.
If one's users aren't able or willing to switch, I'd even consider setting up an internal-only FTP server which gets rsync'ed to the anonymous FTP server in your DMZ. One could do so via cron every minute, or one could use the internal FTP server as a staging area. Before pushing changes live, you could do something like scan for virusses, double-check that the archives are not corrupted, or whatever else might be appropriate.
-Chuck
