Guidance on dual-homed server security

Learn more about how a dual-homed server operates, and what security restrictions it entails in this expert response from Anand Sastry.

Barclays

What is the guidance/instruction from DoD entities such as DISA on the subject of dual-homed (using two or more NIC cards) servers?

Section 5.3.2 of DISA's Unified Capabilities Requirements (UCR) (.pdf) gives guidance on dual-homed servers, which...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

are servers with two network interface cards (NICs)often used in devices that need a secure internal network, as well as access to the Internet or a broader, less secure WAN. However, the SCADA best practice rejects using a dual-homed server as a segregation device. So, ideally, it's best to avoid a dual-homed setup.

A dual-homed configuration is dependent on the operating system (OS) providing separation between the respective networks that the dual-homed device bridges, but this can be easily -- and is commonly -- overridden by an application. Thus, any worm or virus infections on a dual-homed server will leave both networks vulnerable.

It's better to enforce network separation using a dedicated filtering device (e.g., a firewall)than leveraging software-based methods, such as relying on a dual-homed system's OS. Unless the two NICs on the server are set up for redundancy, dual -homed configurations are generally avoided.

This was last published in February 2011

Dig Deeper on Network device security: Appliances, firewalls and switches

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Anand Sastry

Is full-disk server encryption software worth the resource overhead?

While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Continue Reading

How to set up SFTP automation for FTP/DMZ transfer

Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ... Continue Reading

How to set up a site-to-site VPN to coexist with a DMZ

When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Coalfire adds 2 programs to its cloud security services

Coalfire has launched Secure Cloud Automation Services and Cloud Security Strategy and Maturity Assessment programs to build out ...

3 best practices for cloud security monitoring

Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for ...

Why centralization in a multi-cloud security strategy is key

When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the ...

SearchNetworking

Customers get a peek at future Extreme Networks products

Extreme Connect attendees got a peek at the company's product roadmap. Upcoming Extreme Networks products include an IoT device ...

Marconi Mainnet launched for building, scaling complex networks

The Marconi Mainnet platform provides blockchain security, multi-cloud connectivity, advanced firewalls and secure gateways for ...

Key factors to consider before evaluating campus edge switches

Before buying a campus edge switch, it's important to understand how technologies such as IoT could affect campus traffic and how...

SearchCIO

Surveillance technology under fire, amid growing societal concerns

As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance ...

Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

AI luminary Fei-Fei Li was among a group of distinguished AI researchers asked to share their thoughts on how to develop ethical ...

Andrew Ng's AI playbook for the enterprise: 6 must-dos

AI legend and online education pioneer Andrew Ng has developed an AI playbook for businesses. Here are six must-dos.

SearchEnterpriseDesktop

Employee experience gets top billing at Citrix Synergy

Citrix details upgrades to Workspace and unveils a new DaaS product called Managed Desktops, as well as a new integration with ...

Micro apps, AI to power new version of Citrix Workspace

Citrix adds intelligence and micro apps to its Workspace product, bringing in capabilities from the Sapho acquisition to bolster ...

Lenovo to launch ThinkBook brand, next-gen ThinkPad X1

Lenovo announced the launch of its ThinkPad subbrand called ThinkBook. It will be focused on small and medium-sized businesses ...

SearchCloudComputing

Multi-cloud management tools fall short of expectations

Multi-cloud presents new management issues for enterprises. Users want better visibility and control of multiple clouds, but ...

Microsoft hands developer advocates keys to the kingdom

Microsoft views developers as key to not only maintaining its customer base, but expanding it through interaction with open ...

Poor hybrid data placement can swell cloud costs

Enterprises that rely on public clouds are no stranger to egress traffic charges, but those costs can skyrocket when it comes to ...

ComputerWeekly.com

Singapore proposes data portability provisions

The Personal Data Protection Commission is seeking public feedback on proposed provisions that will let consumers move their ...

Security Think Tank: Effective IT segregation must involve the business

What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?

How Kubernetes’ fifth year is leading to a shift in enterprise IT

As Kubernetes turns five, the Cloud Native Computing Forum (CNCF) plans to make containerisation simple

Dig Deeper on Network device security: Appliances, firewalls and switches

Related Q&A from Anand Sastry

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.