
Protecting internal server from internal clients

gautamzone
Level 1

Hi friends,

A PIX 515E with 7.0(5) has been installed, interfaces being 1 Inside + 1 outside.

My question is if clients and server are connected to inside interface, how do I protect the internal server from attacks by internal clients?

Do I need to place the server in the DMZ? Since I don't have enough physical interfaces, can I create a DMZ by creating a logical interface / VLAN?

The clients, server and inside interface of a firewall are connected to a single Catalyst 2950 switch running IOS.

The client and server are in the same IP subnet as well.

Thanks a lot

Gautam

2 Replies

Patrick Iseli
Level 7

If both are on the same physical interface, you cannot protect your inside server without placing it at least on a VLAN. The traffic goes directly from the client to the server without being inspected by the firewall.

Note that a VLAN is not as safe as a physical interface; it is possible to craft packets or to sniff VLANs, but it is still better to have VLANs than no control at all.

sincerely

Patrick

A better option would be to purchase a single interface FastEthernet card for your DMZ. Then you can do everything as stated above without the slight security issues posed by the crafted packets....
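
The VLAN approach from the first reply, sketched as an added configuration example that is not from any poster in this thread. Interface numbers, VLAN IDs, addresses, the ACL name and the permitted port are all constructed; it assumes the server is re-addressed into its own subnet and that `nat-control` is disabled on the PIX (otherwise translation rules are also needed).

```cisco
! ---- PIX 515E, 7.0(x): two VLANs on the single physical inside port ----
! (constructed values throughout; adjust to the real network)
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet1.20
 vlan 20
 nameif dmz
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Clients reach only the published service on the server (assumed: HTTPS);
! everything else towards the server VLAN is dropped, other traffic unchanged.
access-list inside_in extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-list inside_in extended deny ip any 192.168.20.0 255.255.255.0
access-list inside_in extended permit ip 192.168.10.0 255.255.255.0 any
access-group inside_in in interface inside

! ---- Catalyst 2950: trunk to the PIX, access ports for server/clients ----
vlan 10
 name CLIENTS
vlan 20
 name SERVER
vlan 999
 name UNUSED-NATIVE
!
interface FastEthernet0/1
 description Trunk to PIX Ethernet1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface FastEthernet0/2
 description Server
 switchport mode access
 switchport access vlan 20
!
interface range FastEthernet0/3 - 24
 description Clients
 switchport mode access
 switchport access vlan 10
```

Forcing client ports to access mode and moving the trunk's native VLAN to an unused ID narrows the crafted-packet exposure mentioned in the first reply. Connections initiated from the server VLAN towards the clients are denied by default because `dmz` has the lower security level.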