Mailinglist Archive: opensuse-security (685 mails)

RFC: Network Setup
  • From: "Stefan Nauber" <nauber@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 5 Feb 2002 08:03:45 +0100
  • Message-id: <000d01c1ae13$419d8b20$0c01a8c0@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hello,

I am just thinking about network setup and would appreciate any comments on
this idea. Especially any security-related comment is welcome:

Let's think about an "ordinary" internet setup: You have got the internet
connected to a firewall - behind the firewall there is a DMZ. In this DMZ
there is a proxy providing access to the Internet for local computers in a
private IP LAN. Nothing special up to this point.

As we are all concerned about security and don't like unnecessary work,
there usually is some kind of SSH Service on all the machines, which means
just one more open port to be attacked on.

The idea: Add another network interface to each box in the DMZ and put them
into a private IP-network. Use this network for administration purposes only.

Example:

1 Firewall
1 Mailserver
1 Proxy

Firewall has 3 NICs:

1 connected to the internet showing no open ports
1 connected to the DMZ showing no open ports
1 connected to the administrative IP network providing SSH

Mailserver has 2 NICs:

1 connected to the DMZ providing SMTP-service
1 connected to the administrative IP network providing SSH

Proxy has 3 NICs:

1 connected to the DMZ showing no open ports
1 connected to the LAN providing several proxy services
1 connected to the administrative IP network providing SSH

Probably there is a router between the LAN and the administrative IP network
somewhere in the LAN.

Would this setup provide any benefit regarding security, provided that there
is proper configuration?

Any comment would really be appreciated.

Thank you very much in advance,
Stefan Nauber

Cs2 Informatik GmbH & Co. KG
- Niederlassung West -
Kurfürstenanlage 3
69115 Heidelberg
Germany
Tel.: +49 (6221) 6041-0
Fax : +49 (6221) 6041-50
Email: mailto:stefan.nauber@xxxxxxxxxxxxxxxxx
Internet: http://www.cs2-informatik.de
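
Added example, not part of the original post: a Python check of the "proper configuration" the proposal depends on, comparing a host's listening sockets against the per-NIC service list in the message. The subnets, port 3128 for the proxy services and the `ss -ltn` lines are constructed assumptions; the default bind shown is sshd listening on all local addresses when no `ListenAddress` is set.

```python
import ipaddress

# Assumed addressing (not in the post): one subnet per network it names.
NETWORKS = {
    "internet": ipaddress.ip_network("198.51.100.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "admin": ipaddress.ip_network("10.99.0.0/24"),
}
# Ports each host may expose per network, per the post's example.
# 3128 stands in for the unspecified "several proxy services" (assumption).
POLICY = {
    "firewall": {"internet": set(), "dmz": set(), "admin": {22}},
    "mailserver": {"dmz": {25}, "admin": {22}},
    "proxy": {"dmz": set(), "lan": {3128}, "admin": {22}},
}

def audit(host, ss_lines):
    """Return (address, port, reason) for every listener that breaks POLICY."""
    findings = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        port = int(port)
        if addr in ("0.0.0.0", "*", "[::]"):
            # A wildcard bind is reachable through every NIC of the host.
            bad = sorted(n for n, ok in POLICY[host].items() if port not in ok)
            if bad:
                findings.append((addr, port, "wildcard bind reaches: " + ", ".join(bad)))
            continue
        ip = ipaddress.ip_address(addr.strip("[]"))
        if ip.is_loopback:
            continue
        net = next((n for n, cidr in NETWORKS.items() if ip in cidr), "unknown")
        if port not in POLICY[host].get(net, set()):
            findings.append((addr, port, "port not allowed on " + net))
    return findings

# Constructed `ss -ltn` output for the mail server: sshd left on its default bind.
MAIL_DEFAULT = [
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port",
    "LISTEN 0      128    0.0.0.0:22         0.0.0.0:*",
    "LISTEN 0      100    192.0.2.25:25      0.0.0.0:*",
    "LISTEN 0      100    127.0.0.1:25       0.0.0.0:*",
]
# Same host after sshd is bound to its admin-network address only.
MAIL_BOUND = MAIL_DEFAULT[:1] + ["LISTEN 0 128 10.99.0.25:22 0.0.0.0:*"] + MAIL_DEFAULT[2:]
```

`audit("mailserver", MAIL_DEFAULT)` reports the SSH listener as reachable from the DMZ; `audit("mailserver", MAIL_BOUND)` returns no findings.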
