[Gllug] Are IP Aliases a security risk?
Richard Jones
rich at annexia.org
Sat Jul 5 15:28:07 UTC 2003
On Sat, Jul 05, 2003 at 03:37:32PM +0100, Dylan wrote:
> I can have:
>
> eth0 [= eth0, above]
> eth0:1 [= eth1, above]
>
> My questions are:
>
> A) Does this raise any security issues which aren't present in the dual-NIC
> setup?
If two networks run on the same physical cabling, then someone getting
root and running tcpdump will be able to see traffic on both of the
networks. Similarly if you have untrusted machines on that cable
(think: wireless war-drivers).
> B) How much speed impact might I expect assuming I was using the 100Mb switch?
I really doubt you'd notice it!
> C) At the moment, some machines are configured so that one or other interface
> is not started at boot (e.g. the nfs server does not start eth1 unless I do
> it manually for a software update, the machine which the lodgers use for web
> surfing doesn't start eth0 so they have no internal network access) Can I
> start eth0:1 without eth0?
Yes, but your security is nada if they have untrusted machines on the
same piece of cable.
Have you thought about putting all the machines on the same network
and using encrypted VPNs / ssh to control access to resources?
Rich.
--
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - all your business data are belong to you.
"I wish more software used text based configuration files!"
-- A Windows NT user, quoted on Slashdot.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list