04-29-2002 06:33 AM
Dual NICs - A-Class - Security?
Hi all!
I've got an A-class with two LAN interfaces, currently using just one. It's configured with an IP in our network DMZ (it is, of course, firewalled, etc.). The problem is, without an internal tape drive, we currently are not backing up that machine. (!)
I'd like to take the other interface, configure it on our internal subnet, so we can get a backup agent installed and do the backup remotely just like our other boxes.
My concern is - what steps do I need to take to ensure that our internal network cannot be accessed if that box is compromised? Although now that I think about it, if that box IS compromised, there's nothing stopping an attacker from undoing any changes to the configuration and further intruding our internal network.
Is the only solution another firewall between that box and our internal network that will only pass 'backup' traffic? Do we need to invest in an external tape drive?
Thanks!
2 REPLIES
04-29-2002 06:56 AM
Re: Dual NICs - A-Class - Security?
Hi,
We've got a similar situation (and only 1 LAN card :-) so here goes for our solution:
- The most secure way to do this is to back up to an external tape drive. If you want absolute security ... go for that. However, it is a bothersome procedure and there are bound to be mistakes (as there are humans involved :-).
- The alternative we use is to determine which ports are used for the backups (we use Ignite for the bootdisk, Tivoli for the database). These ports are opened on the firewall ... but only in the interval we determined to be the backup window. This is very tricky (for example when you've got Daylight Saving time issues) but it works (automatically, which is the point) nine out of ten times.
Hope this helps you make your decision,
Tom
A life ? Cool ! Where can I download one of those from ?
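The Daylight Saving problem mentioned in the reply above, as an added example that is not part of the original post: it counts how many real minutes a firewall rule keyed to local wall-clock time stays open. The zone offsets, transition instants and the 01:30-02:30 window are constructed sample values.

```python
from datetime import date, datetime, timedelta, timezone

# Constructed zone: UTC-5 in winter, UTC-4 in summer. Clocks jump from
# 02:00 to 03:00 local in spring and from 02:00 back to 01:00 in autumn.
# Only valid for the sample year; these values are assumptions.
BASE_OFFSET = -5
TRANSITIONS = [
    (datetime(2002, 4, 7, 7, 0, tzinfo=timezone.utc), -4),
    (datetime(2002, 10, 27, 6, 0, tzinfo=timezone.utc), -5),
]

def local_wall_clock(utc_instant):
    """Return the naive local time a wall-clock scheduler would read."""
    offset = BASE_OFFSET
    for when, new_offset in TRANSITIONS:
        if utc_instant >= when:
            offset = new_offset
    return (utc_instant + timedelta(hours=offset)).replace(tzinfo=None)

def open_minutes(local_day, start, end):
    """Count real minutes on local_day during which the window is open.

    start and end are (hour, minute) tuples in local time, end exclusive.
    """
    # Scan 48 hours of UTC around the local day, one minute at a time.
    scan_from = datetime(local_day.year, local_day.month, local_day.day,
                         tzinfo=timezone.utc) - timedelta(hours=12)
    count = 0
    for i in range(48 * 60):
        local = local_wall_clock(scan_from + timedelta(minutes=i))
        if local.date() == local_day and start <= (local.hour, local.minute) < end:
            count += 1
    return count

if __name__ == "__main__":
    window = ((1, 30), (2, 30))
    for day in (date(2002, 4, 29), date(2002, 4, 7), date(2002, 10, 27)):
        print(day, open_minutes(day, *window), "minutes open")
```

On the spring transition day the window is cut short, and on the autumn one the ports stay open longer than intended, so the firewall schedule and the backup scheduler need to agree on one clock.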
04-29-2002 07:28 AM
Re: Dual NICs - A-Class - Security?
Eric,
If you put that second LAN card on your internal network, and your A-class gets compromised, then your internal network is open for attack. If putting a tape drive on the A-class is not an option, then do this:
Create a backup LAN. A LAN that is only used to back up other servers. This Backup server should NOT be attached to your internal LAN - basically it should be a stand-alone server in your "DMZ". The ROUTING rules should be from POINT TO POINT with only a FEW (the fewer the better) ports open. This way, if your A-class server is compromised, then the rest of your DMZ servers are still "secured".
live free or die
harry
Live Free or Die
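One way to check a backup-LAN rule set against the point-to-point advice in the reply above, as an added example that is not part of the original post: it flags permit rules that are not host-to-host, do not terminate on the backup server, reach the internal LAN, or use a port outside the allow-list. The addresses, the port and the rule format are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan; every address and port here is an assumption.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BACKUP_SERVER = ipaddress.ip_network("192.168.50.10/32")  # stand-alone backup host
ALLOWED_PORTS = {("tcp", 1500)}                            # sample backup agent port

def audit_rule(rule):
    """Return the findings for one permit rule on the backup LAN."""
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    findings = []
    if src.num_addresses != 1 or dst.num_addresses != 1:
        findings.append("not point-to-point")
    if BACKUP_SERVER not in (src, dst):
        findings.append("backup server is not an endpoint")
    if src.overlaps(INTERNAL_NET) or dst.overlaps(INTERNAL_NET):
        findings.append("reaches the internal LAN")
    if (rule["proto"], rule["port"]) not in ALLOWED_PORTS:
        findings.append("port not on the backup allow-list")
    return findings

def audit(rules):
    """Map rule name -> findings, keeping only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rule set (hypothetical names and hosts).
SAMPLE_RULES = [
    {"name": "aclass-backup", "src": "192.168.50.21", "dst": "192.168.50.10", "proto": "tcp", "port": 1500},
    {"name": "whole-subnet", "src": "192.168.50.0/24", "dst": "192.168.50.10", "proto": "tcp", "port": 1500},
    {"name": "to-internal", "src": "192.168.50.21", "dst": "10.1.2.3", "proto": "tcp", "port": 1500},
    {"name": "ssh-extra", "src": "192.168.50.21", "dst": "192.168.50.10", "proto": "tcp", "port": 22},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```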