New Member

Server Security

This is a case of enterprise network design. We normally place a couple of servers into a DMZ, and those servers have a default gateway pointing towards the firewall interface. Let's say the servers have a subnet of . In a case where ServerA wants to access another network, it goes to the firewall and then data flows as per the route table, but in a case where ServerA accesses ServerB, it will access it directly because of the same subnet, e.g. tries to access .

Which actually means that if ServerA is compromised by an attacker, he can upload tools there and launch attacks from that ServerA to ServerB and ServerC.

How can we protect our network in such a situation, when the attacker launches an attack from ServerA which goes directly to other servers without going to any layer 3 device? The motive is to protect the other servers in case one server gets compromised.

Cisco Employee


To logically separate servers on one VLAN you should use private VLANs or protected ports.
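The two options named in the reply, sketched as Catalyst IOS configuration for the DMZ in the question. This is an added example, not part of the original posts; the VLAN IDs, interface names and port assignments are assumptions.

```cisco
! Added example. VLAN IDs and interface names are assumptions.
!
! --- Option 1: private VLAN, servers on isolated ports ---
! With VTP version 1 or 2 the switch must be in transparent mode for PVLANs.
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Firewall DMZ interface (the servers' default gateway): promiscuous port,
! reachable from every isolated port.
interface GigabitEthernet1/0/1
 description Firewall DMZ interface
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Server ports: isolated hosts. They can exchange frames with the
! promiscuous port only, not with each other.
interface range GigabitEthernet1/0/11 - 13
 description ServerA, ServerB, ServerC
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! --- Option 2 (alternative to option 1): protected ports ---
! Simpler, but only separates ports on the same switch.
! The firewall port stays unprotected so the servers can reach it.
vlan 200
!
interface GigabitEthernet1/0/2
 description Firewall DMZ interface
 switchport mode access
 switchport access vlan 200
!
interface range GigabitEthernet1/0/21 - 23
 description ServerA, ServerB, ServerC
 switchport mode access
 switchport access vlan 200
 switchport protected
```

With either option the servers keep their shared subnet and gateway, but frames sent directly from ServerA to ServerB or ServerC are dropped at the switch. `show vlan private-vlan` and `show interfaces switchport` confirm the port modes after the change.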
