I agree with everything Eric said, and wanted to add a
couple of points...

> Should an attacker authenticate and gain admin
> access to the machine via
> the external NIC (over IP),

As Ryan alluded to, this is the key the scenario. If
steps are taken to protect the box with particular
focus on the external NIC, and security is an ongoing
process incorporating monitoring, etc, then the risks
of a dual-homed host can be mitigated to some degree.
Dual-homed hosts are obviously not new, and many
hosting and data centers have such hosts.

> they can gain control of
> the dual homed system
> and can obtain either GUI or command line access to
> the machine.

This is one thing I'm particularly interested in.
I've been talking to some of the folks here at
BlackHat, and I haven't found anyone yet who has seen
a compromised NT or Win2K box that was used taken over
and used to step off in other directions...corporate
infrastructure, attack other hosts, etc.

While Eric's words are indeed true, I'd be interested
in hearing and discussing the details of such boxes
with anyone willing.

carv

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]