Multihomed Question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a Win2k Adv Server configured as a multihomed server on our campus
network. Each Nic is configured for different subnets. One subnet is
considered to be the faculty/staff subnet and the other is considered to be
the student subnet. I'm being told that this configuration is a threat to
our campus network and I don't see how that is possible. What are your
thoughts on this and could you tell me the advantages and disadvantages to my
current setup?

Thank you.
 
assuming you want to block the students access the staff while staff can access the students, setup the server as a router is one option. Good or bad depend on how you setup. For example, can students access the staff network?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I have a Win2k Adv Server configured as a multihomed server on our campus
network. Each Nic is configured for different subnets. One subnet is
considered to be the faculty/staff subnet and the other is considered to be
the student subnet. I'm being told that this configuration is a threat to
our campus network and I don't see how that is possible. What are your
thoughts on this and could you tell me the advantages and disadvantages to my
current setup?

Thank you.
 
Students cannot access resources on the staff network unless permission is
giving through Group Policy.
 
It's a security threat in that the server can broadcast to each network. If
a virus that relies on broadcast to propogate entered via one NIC it could
propogate from the other. If it's just a DC (i.e. not a file server, etc.),
then I don't see any threat of compromising one network from the other side
as long as permissions and policies are locked down. If it IS sharing
resources that are accessible from either side, that could be trouble.

....kurt
 
Thanks for the reply Kurt. I understand what you are saying, but if all
clients on the student network and the faculty/staff network are up-to-date
as far as antivirus is concerned and MS updates, is there still a potential
threat?
 
There's always a threat but once again, as long as you aren't allowing it to
be a relay point between the two sides, and you have the appropriate
permissions and policies in place, I'd say the threat is minimal. Basically,
you're not going to allow routing or packet forwarding between interfaces.
You're not sharing anything. No one but administrators have the right to
logon interactively. You've renamed the administrator account and only
administrators know the account name and (strong) password, etc., etc.
Preety much the same precautions you'd take if you were setting up a public
web/ftp server.
 
Back
Top