
Dual NICs - A-Class - Security?

 
Eric Yruegas_1
New Member

Hi all!

I've got an A-class with two LAN interfaces, currently using just one. It's configured with an IP in our network DMZ (it is, of course, firewalled, etc.). The problem is, without an internal tape drive, we currently are not backing up that machine. (!)

I'd like to take the other interface, configure it on our internal subnet, so we can get a backup agent installed and do the backup remotely just like our other boxes.

My concern is - what steps do I need to take to ensure that our internal network cannot be accessed if that box is compromised? Although now that I think about it, if that box IS compromised, there's nothing stopping an attacker from undoing any changes to the configuration and further intruding our internal network.

Is the only solution another firewall between that box and our internal network that will only pass 'backup' traffic? Do we need to invest in an external tape drive?

Thanks!
Tom Geudens
Honored Contributor

Re: Dual NICs - A-Class - Security?

Hi,
We've got a similar situation (and only 1 LAN card :-) so here goes for our solution:
- The most secure way to do this is to back up to an external tape drive. If you want absolute security ... go for that. However, it is a bothersome procedure and there are bound to be mistakes (as there are humans involved :-).
- The alternative we use is to determine which ports are used for the backups (we use Ignite for the boot disk, Tivoli for the database). These ports are opened on the firewall ... but only in the interval we determined to be the backup window. This is very tricky (for example when you've got Daylight Saving Time issues) but it works (automatically, which is the point) nine out of ten times.

Hope this helps you make your decision,
Tom
A life ? Cool ! Where can I download one of those from ?
harry d brown jr
Honored Contributor

Re: Dual NICs - A-Class - Security?

Eric,

If you put that second LAN card on your internal network, and your A-class gets compromised, then your internal network is open for attack. If putting a tape drive on the A-class is not an option, then do this:

Create a backup LAN. A LAN that is only used to backup other servers. This Backup server should NOT be attached to your internal LAN - basically it should be a stand-alone server in your "DMZ". The ROUTING rules should be from POINT TO POINT with only a FEW (the fewer the better) ports open. This way, if your A-class server is compromised, then the rest of your DMZ servers are still "secured".

live free or die
harry
Live Free or Die
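
The point-to-point rule set recommended in the reply above can be checked mechanically. The following is an added example, not part of the thread or written by any poster: it audits a constructed firewall rule table and flags every allow rule covering the DMZ host that is wider than one host to one backup server on the backup ports. All addresses, port numbers and the rule format are assumptions made for illustration.

```python
import ipaddress

# Constructed placeholder values; none of these come from the thread.
DMZ_HOST = ipaddress.ip_address("192.0.2.10")         # the A-class in the DMZ
BACKUP_SERVER = ipaddress.ip_address("198.51.100.5")  # stand-alone backup server
BACKUP_PORTS = {1500, 2121}                           # hypothetical backup agent ports

# Constructed rule table: (action, source, destination, (port_low, port_high))
RULES = [
    ("allow", "192.0.2.10/32", "198.51.100.5/32", (1500, 1500)),  # point to point
    ("allow", "192.0.2.10/32", "198.51.100.0/24", (2121, 2121)),  # whole backup subnet
    ("allow", "192.0.2.0/24", "198.51.100.5/32", (1, 65535)),     # whole DMZ, any port
    ("allow", "192.0.2.20/32", "203.0.113.7/32", (443, 443)),     # unrelated host
    ("deny", "192.0.2.10/32", "0.0.0.0/0", (1, 65535)),           # default deny
]


def audit(rules):
    """Return (rule_index, reason) for each allow rule that lets the DMZ host
    out on anything other than a host-to-host path on the backup ports."""
    findings = []
    for i, (action, src, dst, (lo, hi)) in enumerate(rules):
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only allow rules that the DMZ host can actually match are in scope.
        if action != "allow" or DMZ_HOST not in src_net:
            continue
        if src_net.num_addresses != 1:
            findings.append((i, "source is wider than the DMZ host"))
        if dst_net.num_addresses != 1 or dst_net.network_address != BACKUP_SERVER:
            findings.append((i, "destination is not only the backup server"))
        if not all(p in BACKUP_PORTS for p in range(lo, hi + 1)):
            findings.append((i, "ports outside the backup set"))
    return findings


if __name__ == "__main__":
    for index, reason in audit(RULES):
        print(f"rule {index}: {reason}")
```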