Guidance on dual-homed server security

Learn more about how a dual-homed server operates, and what security restrictions it entails in this expert response from Anand Sastry.

Anand Sastry

Barclays
Published: 25 Feb 2011

What is the guidance/instruction from DoD entities such as DISA on the subject of dual-homed (using two or more NIC cards) servers?

Section 5.3.2 of DISA's Unified Capabilities Requirements (UCR) (.pdf) gives guidance on dual-homed servers, which...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

are servers with two network interface cards (NICs)often used in devices that need a secure internal network, as well as access to the Internet or a broader, less secure WAN. However, the SCADA best practice rejects using a dual-homed server as a segregation device. So, ideally, it's best to avoid a dual-homed setup.

A dual-homed configuration is dependent on the operating system (OS) providing separation between the respective networks that the dual-homed device bridges, but this can be easily -- and is commonly -- overridden by an application. Thus, any worm or virus infections on a dual-homed server will leave both networks vulnerable.

It's better to enforce network separation using a dedicated filtering device (e.g., a firewall)than leveraging software-based methods, such as relying on a dual-homed system's OS. Unless the two NICs on the server are set up for redundancy, dual -homed configurations are generally avoided.

Dig Deeper on Network device security: Appliances, firewalls and switches

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Anand Sastry

Is full-disk server encryption software worth the resource overhead?

While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Continue Reading

How to set up SFTP automation for FTP/DMZ transfer

Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ... Continue Reading

How to set up a site-to-site VPN to coexist with a DMZ

When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

How to conduct proper AWS vulnerability scanning in 3 steps

Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility ...

Research shows cloud security vulnerabilities grow

Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated ...

4 necessary steps to evaluate public cloud security

The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected.

SearchNetworking

What is data center networking, and how can you get started?

This feature explores the basics of data center networks, such as how to plan for data center consolidation, the effects of cloud...

Gartner Hype Cycle deems software-defined networking obsolete

A Gartner report on enterprise networking has declared the definition of SDN and its architectural approach as deceased. Cause of...

The top 5 capabilities your edge infrastructure should have

The network edge plays a vital role in the future of networking and digital transformation. Make sure your infrastructure has ...

SearchCIO

How to deal with the lack of chatbot standards

A lack of standards around chatbot development has created a situation in which enterprises are building and rebuilding bots. But...

RPA journey: Schneider Electric's global plan taps Blue Prism, UiPath

Schneider Electric, a multinational energy management company, has embarked on a robotic process automation journey, establishing...

Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...

SearchEnterpriseDesktop

Windows 10 19H2 update brings few changes, more confusion

Windows 10 updates have plagued IT since the inception of the OS. Microsoft may be attempting to assuage IT's concerns with the ...

New Windows vulnerabilities reveal there is no rest for weary IT

The two latest Windows security vulnerabilities reiterate the importance for IT admins to stay diligent when updating and ...

7 questions to ensure UEM supports a Windows 10 migration

The right UEM platform will go a long way in streamlining a Windows 10 migration. Ask these questions to ensure your ...

SearchCloudComputing

VMware-Pivotal deal confirmed at $2.7 billion – what's next?

VMware will plunk down $2.7 billion for Pivotal in a deal that has hallmarks of a family reunion, but could help drive a broader ...

Use modern cloud security best practices

Enterprises still worry about the security of cloud and if migrating will put data at risk. Explore modern methods, technologies ...

VMware acquisition of Intrinsic denotes bigger strategic plan

VMware has acquired Intrinsic, a maker of virtualization technology that secures Node.js applications on serverless environments ...

ComputerWeekly.com

IR35 reforms: HMRC defends off-payroll rules guidance against "woeful" IPSE jibes

HMRC promises there are more preparatory materials in the pipeline to help the private sector prepare for the April 2020 IR35 ...

Three more identity providers to withdraw from troubled Gov.uk Verify programme

Three of the five companies supporting the government's troubled digital identity scheme are pulling out, raising further ...

How to bolster IAM strategies using automation

Identity and access management processes and technologies play an important role in security strategies, but organisations and IT...

Dig Deeper on Network device security: Appliances, firewalls and switches

Related Q&A from Anand Sastry

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.