On Saturday 10 July 2004 07:18, Jens wrote:> I am curious how other people have arranged things so that you keep the
> isolation advantage of the DMZ while still allowing a special backup box
> access so it can do it''s job. The idea is to have the backup box
located on
> the local net. Is this possible or will I always compromise the integrity
of
> the DMZ ?
You already allow ssh connections from a special box in your local net to
access the dmz right? Or do you always run into the server room and do
everything from the console? Whats so special about allowing backup from the
backup host?
That being said, if you are afraid of local users, don''t base
authentication
for the backup purely on the IP/MAC address, too easy to spoof.
Alex