Hello,

I am just thinking about network setup and would appreciate any comments on this idea. Especially any security-related comment is welcome:

Let's think about an "ordinary" internet setup: You have got the internet connected to a firewall - behind the firewall there is a DMZ. In this DMZ there is a proxy providing access to the Internet for local computers in a private IP LAN. Nothing special up to this point.

As we are all concerned about security and don't like unnecessary work, there usually is some kind of SSH service on all the machines, which means just one more open port to be attacked on.

The idea: Add another network interface to each box in the DMZ and put them into a private IP network. Use this network for administration purposes only.

Example:

  1 Firewall
  1 Mailserver
  1 Proxy

Firewall has 3 NICs:

  1 connected to the internet showing no open ports
  1 connected to the DMZ showing no open ports
  1 connected to the administrative IP network providing SSH

Mailserver has 2 NICs:

  1 connected to the DMZ providing SMTP service
  1 connected to the administrative IP network providing SSH

Proxy has 3 NICs:

  1 connected to the DMZ showing no open ports
  1 connected to the LAN providing several proxy services
  1 connected to the administrative IP network providing SSH

Probably there is a router between the LAN and the administrative IP network somewhere in the LAN.

Would this setup provide any benefit regarding security, provided that there is proper configuration?

Any comment would really be appreciated.

Thank you very much in advance,

Stefan Nauber

Cs2 Informatik GmbH & Co. KG
- Niederlassung West -
Kurfürstenanlage 3
69115 Heidelberg
Germany

Tel.: +49 (6221) 6041-0
Fax : +49 (6221) 6041-50
Email: mailto:stefan.nauber@cs2-informatik.de
Internet: http://www.cs2-informatik.de
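
The "proper configuration" the post depends on can be checked per host: SSH has to be bound to the admin-network address only, never to a wildcard or a DMZ/LAN address. The following is an added example, not part of the original post; the 10.99.0.0/24 admin network, the 192.0.2.25 DMZ address and the `ss -tln` sample output are constructed assumptions.

```python
import ipaddress

# Constructed `ss -tln` output for the mail server in the post (addresses are made up).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    192.0.2.25:25       0.0.0.0:*
LISTEN 0      128    10.99.0.25:22       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    192.0.2.25:22       0.0.0.0:*
"""

ADMIN_NET = ipaddress.ip_network("10.99.0.0/24")  # assumed administrative network
MGMT_PORTS = {22}                                  # SSH

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN row of numeric `ss -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listener row
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface scope, then IPv6 brackets
        yield addr, int(port)

def mgmt_exposure(ss_output, admin_net=ADMIN_NET, mgmt_ports=MGMT_PORTS):
    """Return management listeners that are reachable outside the admin network."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port not in mgmt_ports:
            continue
        ip = None if addr == "*" else ipaddress.ip_address(addr)
        if ip is None or ip.is_unspecified:
            # 0.0.0.0, :: and * listen on every NIC, including DMZ and LAN.
            findings.append((addr, port, "wildcard bind: listens on every NIC"))
        elif not ip.is_loopback and ip not in admin_net:
            findings.append((addr, port, "bound to a non-admin interface"))
    return findings

if __name__ == "__main__":
    for finding in mgmt_exposure(SAMPLE_SS):
        print(finding)
```

A wildcard bind is the case that silently defeats the separate admin NIC, which is why it is reported separately from a listener bound to the wrong address.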