securing communication between 2 Linux servers on local network for ports only they need access to

Posted by gkdsp on Server Fault See other posts from Server Fault or by gkdsp
Published on 2012-03-24T23:47:02Z Indexed on 2012/03/25 5:32 UTC
Read the original article Hit count: 193

Filed under:

I have two Linux servers connected to each other via a cross-connect cable, forming a local network. One of the servers presents a DMZ for the other server (e.g. database server) that must be very secure.

I'm restricting this question to communication between the two servers for ports that only need to be available to these servers (and no one else). Thus, communication between the two servers can be established by:

(1) opening the required port(s) on both servers, and authenticating according to the applications' rules.

(2) disabling IP Tables associated with the NIC cards the cross-connect cable is attached to (on both servers).

Which method is more secure?

In the first case, the needed ports are open to the external world, but protected by user name and password.

In the second case, none of the needed ports are open to the outside world, but since the IP Tables are disabled for the NIC cards associated with the cross-connect cables, essentially all of the ports may be considered to be "open" between the two servers (and so if the server creating the DMZ is compromized, the hacker on the DMZ server could view all ports open using the cross-connect cable).

Any conventional wisdom how to make the communication secure between two servers for ports only these servers need access to?

© Server Fault or respective owner

Related posts about security