
Say I have a server with multiple interfaces. I wish to configure each interface with a different IP address (and host name). Is it advisable, from a security standpoint, to do that? I have an application sitting on this server collecting statistics from different network segments. Or should I use firewalls instead? Thank you.

Pang Ser Lark
  • Having several IP addresses has nothing to do with "using a firewall". As for the rest: did you add several interfaces to your server because you felt like it, or do you actually have some reasons behind all this? – Stephane Apr 15 '15 at 13:13
  • @Stephane Please don't use the close/downvote features for questions where you think the asker is confused or misled about the situation, when the question itself is on-topic and relatively clear. It's much more constructive to ask for clarifications and provide advice which clears up the confusion than to just dismiss the question. – Polynomial Apr 15 '15 at 13:15
  • Hi, Stephane. As mentioned, I have a requirement to collect network statistics from different segments to this server. So instead of setting up 4 different servers at each different network, I wish to set up just one server, and connect each network to each interface. Is this a security concern? – Pang Ser Lark Apr 15 '15 at 13:18

1 Answer

You should consider the following:

  • If the two interfaces connect to two different network segments, with different levels of trust (e.g. DMZ and internal network), you are essentially bridging those networks.
  • Software firewalls can help mitigate the potential for abuse, but you must also consider situations where the firewall daemon fails to start, or the rules are not configured / implemented correctly. (e.g. are you properly blocking layer 2 traffic? and IPv6?)
  • If a vulnerability is found in your server (e.g. a kernel bug in the network stack that allows RCE) then an attacker may be able to pivot from one network to the other.

If you're concerned about traffic traveling between the two networks, you need to take measures to prevent this. The best measure is to not bridge in the first place and, as you noted, install separate servers on each segment. Properly configuring the routing table and a software firewall on the bridging system is critical to prevent abuse, but as I mentioned above it's not perfect.

One solution I've seen used is to install two separate hardware firewalls between the server and the network segments (i.e. segA <--> fwA <--> server <--> fwB <--> segB), with both inbound and outbound rules on both, so that an attacker would have to compromise both hardware firewalls and the software firewall on the system in order to pass traffic between the network segments.

Alternatively, you could look into unidirectional networking (also known as "data diodes") if the data transfer only needs to go from each segment into the server, and not the other way around. You can buy hardware systems which enforce this physically, so that there's (hopefully) no way to bypass the restriction.

As for what's safe enough for you, that largely depends on what your threat model and security requirements are.

Polynomial
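The answer's point about the routing table and the software firewall can be checked and enforced on a Linux collector. The script below is an added example, not part of the original answer: it audits a `sysctl -a` dump for any enabled IP forwarding (IPv4 and IPv6) and writes an nftables ruleset whose forward chain drops everything, so the host cannot route between the segments it touches. The interface names (`eth0` for management, `eth1` to `eth3` facing the monitored segments) and the collector port (TCP 5140) are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): audit and harden a multi-homed
# Linux collector so it does not act as a router between its segments.
# Assumed layout: eth0 = management, eth1..eth3 = monitored segments,
# collector listens on TCP 5140. Adjust to the real host.
set -u

# Sysctl keys that must all be 0 on a host that must never forward packets.
# Both IPv6 keys are included because IPv6 forwarding is a separate switch
# and is easy to leave on by accident.
FORWARDING_KEYS="net.ipv4.ip_forward net.ipv6.conf.all.forwarding net.ipv6.conf.default.forwarding"

# audit_forwarding reads "key = value" lines (the format of `sysctl -a`) from
# the file given as $1 and prints every forwarding key that is enabled or
# missing. Returns 0 when all keys are present and 0, 1 otherwise. Reading a
# dump rather than calling sysctl directly lets it run offline on a capture.
audit_forwarding() {
    local dump="$1" bad=0 key val
    for key in $FORWARDING_KEYS; do
        val=$(awk -v k="$key" '$1 == k { print $3 }' "$dump")
        if [ -z "$val" ]; then
            echo "MISSING $key"
            bad=1
        elif [ "$val" != "0" ]; then
            echo "ENABLED $key=$val"
            bad=1
        fi
    done
    return $bad
}

# write_ruleset writes an nftables ruleset to the file given as $1.
# The inet family applies one set of rules to IPv4 and IPv6 together, so the
# IPv6 side cannot be forgotten. The forward chain has a drop policy with no
# accept rules: even if forwarding were switched on, nothing would be routed
# between segments through this host. Note that this governs layer 3 only;
# the host must also not carry a bridge device (check: ip link show type bridge).
write_ruleset() {
    cat > "$1" <<'EOF'
flush ruleset
table inet collector {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # management access only from the management interface
        iifname "eth0" tcp dport 22 accept
        # statistics feeds only on the segment-facing interfaces (assumed port)
        iifname { "eth1", "eth2", "eth3" } tcp dport 5140 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Live mode: capture the running sysctl table and audit it, then emit the
# ruleset for review (load it with `nft -f` only after checking it).
if [ "${1:-}" = "--live" ]; then
    dump=$(mktemp)
    sysctl -a 2>/dev/null > "$dump"
    if audit_forwarding "$dump"; then
        echo "OK: no IP forwarding enabled"
    else
        echo "WARNING: host can forward packets between segments"
    fi
    write_ruleset collector.nft
    echo "ruleset written to collector.nft"
fi
```

Run it as `bash audit.sh --live` on the collector; a clean result is the sysctl check passing and a reviewed `collector.nft` loaded with `nft -f collector.nft`. As the answer says, this only raises the bar on the host itself: if the firewall service fails to start or the kernel's network stack is compromised, the separation still rests on whatever sits between the host and each segment.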