Cisco Support Community
New Member

Server Security

This is a case of enterprise network design. We normally place a couple of servers into a DMZ, and those servers have a default gateway pointing towards the firewall interface. Let's say the servers are in the subnet 10.10.10.0/24. In a case where ServerA wants to access another network, it goes to the firewall and then the data flows as per the route table, but in a case where ServerA accesses ServerB it will access it directly because of the same subnet, e.g. 10.10.10.10 tries to access 10.10.10.20.

Which actually means that if ServerA is compromised by an attacker, he can upload tools there and launch attacks from ServerA to ServerB and ServerC.

How can we protect our network in such a situation, when the attacker will launch the attack from ServerA and it goes directly to the other servers without going through any layer 3 device? The motive is to protect the other servers in case one server gets compromised.

1 REPLY
Cisco Employee

Server Security

To logically separate servers on one VLAN you should use private VLANs or protected ports.

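The two options from the reply written out as a Cisco IOS switch configuration. This is an added example, not configuration from the reply or from Cisco; the VLAN numbers (100/101) and interface names are assumed, and the firewall is taken to be on Gi1/0/24 as the servers' default gateway from the question.

```cisco
! Option 1: private VLAN. Works across switches, survives trunking.
! PVLANs require VTP transparent mode on VTP v1/v2 switches.
vtp mode transparent
!
! Primary VLAN 100 carries the DMZ subnet 10.10.10.0/24;
! isolated VLAN 101 holds the servers, which then cannot
! exchange frames with each other at layer 2.
vlan 100
 private-vlan primary
 private-vlan association 101
vlan 101
 private-vlan isolated
!
! Server ports: isolated hosts, each can only talk to the promiscuous port.
interface range GigabitEthernet1/0/1 - 3
 description DMZ servers (ServerA, ServerB, ServerC)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Firewall port: promiscuous, reaches every host in the PVLAN,
! so all server-to-server traffic has to pass the firewall policy.
interface GigabitEthernet1/0/24
 description DMZ firewall inside interface (default gateway)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Option 2: protected ports. Simpler, but only blocks traffic between
! protected ports on the same switch; the uplink to the firewall
! stays unprotected so the servers still reach their gateway.
interface range GigabitEthernet1/0/1 - 3
 switchport access vlan 100
 switchport protected
!
! Verification
! show vlan private-vlan
! show interfaces GigabitEthernet1/0/1 switchport   (look for "Protected: true")
```

With either option, ServerA can still reach ServerB through the firewall only if the firewall proxies ARP for the local subnet and its policy allows that flow, which is exactly where the per-server access rules and logging belong.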