Section 5.3.2 of DISA's Unified Capabilities Requirements (UCR) (.pdf) gives guidance on dual-homed servers, which...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
are servers with two network interface cards (NICs)often used in devices that need a secure internal network, as well as access to the Internet or a broader, less secure WAN. However, the SCADA best practice rejects using a dual-homed server as a segregation device. So, ideally, it's best to avoid a dual-homed setup.
A dual-homed configuration is dependent on the operating system (OS) providing separation between the respective networks that the dual-homed device bridges, but this can be easily -- and is commonly -- overridden by an application. Thus, any worm or virus infections on a dual-homed server will leave both networks vulnerable.
It's better to enforce network separation using a dedicated filtering device (e.g., a firewall)than leveraging software-based methods, such as relying on a dual-homed system's OS. Unless the two NICs on the server are set up for redundancy, dual -homed configurations are generally avoided.
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Anand Sastry
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.continue reading
Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ...continue reading
When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.