Multihomed Question

Guest

I have a Win2k Adv Server configured as a multihomed server on our campus
network. Each Nic is configured for different subnets. One subnet is
considered to be the faculty/staff subnet and the other is considered to be
the student subnet. I'm being told that this configuration is a threat to
our campus network and I don't see how that is possible. What are your
thoughts on this and could you tell me the advantages and disadvantages to my
current setup?

Thank you.
 
Robert L [MS-MVP]

Assuming you want to block the students from accessing the staff while staff can access the students, setting up the server as a router is one option. Whether it is good or bad depends on how you set it up. For example, can students access the staff network?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Guest

Students cannot access resources on the staff network unless permission is
given through Group Policy.
 
Kurt

It's a security threat in that the server can broadcast to each network. If
a virus that relies on broadcast to propagate entered via one NIC it could
propagate from the other. If it's just a DC (i.e. not a file server, etc.),
then I don't see any threat of compromising one network from the other side
as long as permissions and policies are locked down. If it IS sharing
resources that are accessible from either side, that could be trouble.

....kurt
 
Guest

Thanks for the reply Kurt. I understand what you are saying, but if all
clients on the student network and the faculty/staff network are up-to-date
as far as antivirus is concerned and MS updates, is there still a potential
threat?
 
Kurt

There's always a threat but once again, as long as you aren't allowing it to
be a relay point between the two sides, and you have the appropriate
permissions and policies in place, I'd say the threat is minimal. Basically,
you're not going to allow routing or packet forwarding between interfaces.
You're not sharing anything. No one but administrators has the right to
log on interactively. You've renamed the administrator account and only
administrators know the account name and (strong) password, etc., etc.
Pretty much the same precautions you'd take if you were setting up a public
web/ftp server.
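
Two of the precautions listed above (no packet forwarding between the NICs, nothing shared beyond what a DC needs) can be checked from captured command output. The following is an added example, not part of the thread: the sample captures are constructed, and it assumes the output layout of `reg query` and `net share` and share names without spaces.

```python
import re

# Constructed captures (not from the thread) of two commands run on the server:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter
#   net share
REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    IPEnableRouter    REG_DWORD    0x1
"""
NET_SHARE_OUTPUT = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT                        Remote Admin
NETLOGON     C:\WINNT\SYSVOL\sysvol\SCRIPTS  Logon server share
SYSVOL       C:\WINNT\SYSVOL\sysvol          Logon server share
Coursework   D:\Coursework
The command completed successfully.
"""
# Shares expected on a server that is only a DC: built-in admin shares plus
# the two logon shares. Anything else is a resource the server is offering.
BUILTIN = re.compile(r"^(?:[A-Z]\$|IPC\$|ADMIN\$|NETLOGON|SYSVOL)$", re.I)

def forwarding_enabled(reg_output):
    """True if the TCP/IP stack is set to forward packets between NICs.
    Assumption: an absent value means the default (0, forwarding off)."""
    m = re.search(r"IPEnableRouter\s+REG_DWORD\s+(0x[0-9a-fA-F]+)", reg_output)
    return m is not None and int(m.group(1), 16) != 0

def extra_shares(net_share_output):
    """Share names beyond the built-in set (names assumed to have no spaces)."""
    names, in_table = [], False
    for line in net_share_output.splitlines():
        if line.startswith("---"):
            in_table = True          # share rows start after the dashed rule
        elif line.startswith("The command completed"):
            break
        elif in_table and line.strip() and not line[0].isspace():
            name = line.split()[0]   # indented lines are wrapped remarks
            if not BUILTIN.match(name):
                names.append(name)
    return names

def audit(reg_output, net_share_output):
    """Return findings that contradict the precautions in the post above."""
    findings = []
    if forwarding_enabled(reg_output):
        findings.append("IP forwarding on: server relays between the subnets")
    return findings + [f"extra share offered: {s}" for s in extra_shares(net_share_output)]
```

Calling `audit(REG_OUTPUT, NET_SHARE_OUTPUT)` on the constructed captures reports both the forwarding switch and the `Coursework` share; it reads only the registry value, so routing enabled by another service is outside what it checks.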
 
