Re: one way firewall?

From: Chris Friesen <cbf123_at_no.spam.please>
Date: Tue Aug 21 2007 - 15:38:07 CST

Dave Hall wrote:
> On Tue, Aug 21, 2007 at 02:28:56PM -0600, Chris Friesen wrote:

>>Dave Hall wrote:

>>>Why not just add a second network card to the machine that you will be
>>>using to fetch the data and connect the two with a cross-over cable.

>>This leaves the system at risk to a compromised "data fetching" machine.
>> If that's an acceptable risk, then fine. My earlier suggestion was to
>>add a filtering bridge in addition to this proxy machine.

> How is the risk to the data any different? Are the additional layers of
> security worth the cost and effort relative to the risk?

Suppose we have machine A, which is the instrumentation machine. We
also have machine B, which faces the public network.

You proposed that B have dual NICs, so that A doesn't face the public
network. This is a good start, but if B is compromised, then unless
there are further safeguards it can infect A. This may be an acceptable
risk, especially if B is a *nix box of some sort rather than a Windows box.

I proposed adding device C, which is a filtering bridge between A and B.
  It allows only such traffic as is necessary to dump data from A to B,
and it requires that those connections be initiated by A.

In this case, if B is compromised it cannot compromise A unless it
compromises C as well. Since C does not have an IP address, it is more
difficult to detect, and even harder to compromise.

Chris
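One concrete way to build the filtering bridge C described above, as an added example that is not part of the original thread, using a Linux bridge with no IP address and an nftables ruleset in the bridge family. It assumes C's two ports are eth0 (toward A) and eth1 (toward B), constructed addresses 10.0.0.1 for A and 10.0.0.2 for B, and that the data dump runs over SSH (TCP port 22 on B), the only service A needs to reach; stateful matching in the bridge family requires the nf_conntrack_bridge module (Linux 5.3 or later).

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed layout: eth0 faces A,
# eth1 faces B; A = 10.0.0.1, B = 10.0.0.2 (constructed addresses); the dump
# is SSH/rsync to TCP port 22 on B. The bridge itself gets no IP address.

# Print an nftables ruleset enforcing the policy from the mail: only A may
# open connections, only to B's dump service; B may only answer; all other
# frames, including anything B tries to initiate toward A, are dropped.
bridge_ruleset() {
    a_ip=$1; b_ip=$2; port=$3
    cat <<EOF
flush ruleset
table bridge dumpfilter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        # A and B must still resolve each other's MAC addresses
        ether type arp accept
        # A -> B: A may initiate, but only to the dump service on B
        iifname "eth0" oifname "eth1" ip saddr $a_ip ip daddr $b_ip tcp dport $port ct state new,established accept
        # B -> A: replies to connections A opened, nothing else
        iifname "eth1" oifname "eth0" ip saddr $b_ip ip daddr $a_ip tcp sport $port ct state established accept
        # Everything else is logged (visible on C's console or syslog) and dropped
        log prefix "C-drop: " drop
    }
}
EOF
}

# Create the transparent bridge (no address assigned) and load the ruleset.
# Requires root and the nft binary on C; shown for completeness, not run here.
apply_bridge() {
    ip link add name br0 type bridge
    ip link set dev eth0 master br0
    ip link set dev eth1 master br0
    ip link set dev eth0 up
    ip link set dev eth1 up
    ip link set dev br0 up
    bridge_ruleset 10.0.0.1 10.0.0.2 22 | nft -f -
}
```

Because C has no IP address and only forwards frames, nothing on B's side has an address to probe; the log prefix gives the operator of A a record of any attempt from B's side to reach A.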
Received on Tue Aug 21 15:38:16 2007