Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
1
Replies

Server Security

communication.boy
Level 1
Level 1

‎03-10-2012 12:44 PM - edited ‎03-10-2019 05:38 AM

This is a case of enterprize network design . We normally place couple of servers into a DMZ and those servers have a default gateway pointing towards the firewall interface . Lets say the servers are having a subnet of 10.10.10.0/24 . In a case ServerA wants to access another network he goes to firewall and then data flows as per the route table but in a case where ServerA accesses ServerB it will access directly because of the same subnet e.g. 10.10.10.10 tries to access 10.10.10.20 .

Which actually means that if ServerA is compromized by an attacker he can upload tools there and launch attacks from that ServerA to ServerB and ServerC .

How can we protect our network in such a situation when the attacker will launch attack from ServerA which goes directly to other servers without going to any layer 3 device . Motive is to protect other servers in case 1 server gets compromized .

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎03-18-2012 02:28 PM

To logically separate servers on one vlans you should use private vlans or protocted ports.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card