securing communication between 2 Linux servers on local network for ports only they need access to
Posted
by
gkdsp
on Server Fault
See other posts from Server Fault
or by gkdsp
Published on 2012-03-24T23:47:02Z
Indexed on
2012/03/25
5:32 UTC
Read the original article
Hit count: 193
security
I have two Linux servers connected to each other via a cross-connect cable, forming a local network. One of the servers presents a DMZ for the other server (e.g. database server) that must be very secure.
I'm restricting this question to communication between the two servers for ports that only need to be available to these servers (and no one else). Thus, communication between the two servers can be established by:
(1) opening the required port(s) on both servers, and authenticating according to the applications' rules.
(2) disabling IP Tables associated with the NIC cards the cross-connect cable is attached to (on both servers).
Which method is more secure?
In the first case, the needed ports are open to the external world, but protected by user name and password.
In the second case, none of the needed ports are open to the outside world, but since the IP Tables are disabled for the NIC cards associated with the cross-connect cables, essentially all of the ports may be considered to be "open" between the two servers (and so if the server creating the DMZ is compromized, the hacker on the DMZ server could view all ports open using the cross-connect cable).
Any conventional wisdom how to make the communication secure between two servers for ports only these servers need access to?
© Server Fault or respective owner