
Can the extra network card be configured to access software on the internal network for server back-

I have three Windows 2000 servers, each residing on separate DMZs, and I want to back them up using software running on a server within our internal network. Instead of opening ports on the firewall, can I make use of the extra network card by configuring it to access our internal network? This would be for backups only. If this is possible, do I have to disable the other network card?
Assuming that the servers have multiple network cards, you could connect them to your internal network. However, that then bypasses your firewall completely, and effectively makes your servers a route to your internal network without going through the firewall. I don't think that's an approach you really want to take, even if you disabled the other NIC while connected to the internal network. What if your server was compromised and had a Trojan on it that was trying to randomly spread to other machines? When the new interface appears, it then gets the chance to spread to your internal network. Again, this defeats the purpose of having the firewall in the first place.

Is your firewall flexible enough to only open the ports you need open for those MAC addresses that you specify? If so, that provides you a way to limit which machines can use those ports (yes, I'm aware that MAC addresses can be spoofed, but someone would need to be able to find out what the correct MAC addresses are first.)

Another option might be to create a secure tunnel from your servers in the DMZs to the backup server. SSL with mutual authentication would work nicely with that, as long as each machine knows where it's supposed to be communicating.
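The mutually authenticated tunnel suggested above can be sketched with Python's `ssl` module (modern TLS rather than legacy SSL). This is an added example, not part of the original answer; the host names, the private-CA file parameters and the helper names are assumptions made for illustration.

```python
import ssl

# Constructed allow-list (assumption): certificate names of the DMZ servers.
ALLOWED_DMZ_HOSTS = {"dmz-web1.example.internal", "dmz-mail1.example.internal"}


def make_context(server_side):
    """TLS policy for either end; no system CAs are trusted by default."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # each side must verify the other's cert
    return ctx


def load_identity(ctx, ca_file, cert_file, key_file):
    """Trust only the private backup CA and present this machine's own cert."""
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file)
    return ctx


def peer_names(cert):
    """Collect DNS SANs and commonName from an SSLSocket.getpeercert() dict."""
    names = {v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
    for rdn in cert.get("subject", ()):
        names.update(v for key, v in rdn if key == "commonName")
    return names


def client_is_allowed(cert, allowed=ALLOWED_DMZ_HOSTS):
    """True only when the verified client cert names a listed DMZ server."""
    return bool(cert) and bool(peer_names(cert) & set(allowed))


def accept_backup_client(listener, ctx):
    """Backup-server side: accept one connection, drop peers not on the list."""
    raw, _addr = listener.accept()
    try:
        # Raises if the client has no certificate signed by the trusted CA.
        tls = ctx.wrap_socket(raw, server_side=True)
    except (ssl.SSLError, OSError):
        raw.close()
        return None
    if not client_is_allowed(tls.getpeercert()):
        tls.close()
        return None
    return tls
```

The firewall still needs a single rule permitting each DMZ server to reach the backup server's listening port; the certificate check then limits who can use that port.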

This was last published in October 2004
