Q

Can the extra network card be configured to access software on the internal network for server back-

I have three Windows 2000 servers, each residing on separate DMZs, and I want to back them up using software running on a server within our internal network. Instead of opening ports on the firewall, can I make use of the extra network card by configuring it to access our internal network? This would be for backups only. If this is possible, do I have to disable the other network card?

Assuming that the servers have multiple network cards, you could connect them to your internal network. However, that then bypasses your firewall completely, and effectively makes your servers a route to your internal network without going through the firewall. I don't think that's an approach you really want to take, even if you disabled the other NIC while connected to the internal network. What if your server was compromised and had a Trojan on it that was trying to randomly spread to other machines? When the new interface appears, it then gets the chance to spread to your internal network. Again, this defeats the purpose of having the firewall in the first place.

Is your firewall flexible enough to only open the ports you need open for those MAC addresses that you specify? If so, that provides you a way to limit which machines can use those ports (yes, I'm aware that MAC addresses can be spoofed, but someone would need to be able to find out what the correct MAC addresses are first.)

Another option might be to create a secure tunnel from your servers in the DMZs to the backup server. SSL with mutual authentication would work nicely with that, as long as each machine knows where it's supposed to be communicating.

This was first published in October 2004
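
The mutually authenticated tunnel suggested in the answer, sketched as an added example with Python's `ssl` module (TLS, the successor to SSL); it is not code from the original answer. The host names, port 8443, certificate file arguments and the private CA are assumptions made for illustration.

```python
import socket
import ssl

# Constructed names for the three DMZ servers and the internal backup server.
DMZ_CLIENTS = {"dmz1.example.test", "dmz2.example.test", "dmz3.example.test"}
BACKUP_HOST = "backup.example.test"

def server_context(cert, key, ca):
    """Backup server side: present our cert and demand one from the peer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED     # handshake fails without a client cert
    ctx.load_cert_chain(cert, key)
    ctx.load_verify_locations(cafile=ca)    # assumed private CA that issued the DMZ certs
    return ctx

def client_context(cert, key, ca):
    """DMZ side: verify the backup server's name and present our own cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert, key)
    ctx.load_verify_locations(cafile=ca)
    return ctx

def peer_names(peercert):
    """DNS names from a getpeercert() dict: SAN entries, else the subject CN."""
    names = {v.lower() for k, v in peercert.get("subjectAltName", ()) if k == "DNS"}
    if not names:
        for rdn in peercert.get("subject", ()):
            names |= {v.lower() for k, v in rdn if k == "commonName"}
    return names

def client_allowed(peercert, allowed=DMZ_CLIENTS):
    """A CA-valid cert is not enough: it must name one of the expected DMZ hosts."""
    return bool(peercert) and bool(peer_names(peercert) & allowed)

def accept_backup_client(ctx, listener):
    """Backup server side: complete the handshake, then check who connected."""
    raw, _addr = listener.accept()
    tls = ctx.wrap_socket(raw, server_side=True)
    if not client_allowed(tls.getpeercert()):
        tls.close()
        raise PermissionError("peer certificate is not one of the DMZ servers")
    return tls

def connect_to_backup(ctx, port=8443):
    """DMZ side: server_hostname pins which machine we expect to reach."""
    raw = socket.create_connection((BACKUP_HOST, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=BACKUP_HOST)
```

With this arrangement the firewall needs only the single tunnel port open from each DMZ host to the backup server, and a certificate issued by the same CA to any other machine is still refused.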