Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1575
  • Last Modified:

FTP server not in DMZ

I have read that it is recommended when installing an FTP server to do so in a DMZ.

What is the actual security risk of installing an FTP server on your internal network with port forwarding rules setup on your firewall?

Thanks
Paul.
0
paul_at_work
Asked:
paul_at_work
  • 2
  • 2
1 Solution
 
dhoffman_98Commented:
What's the risk?

How about someone who uses a denial of service attack or uses some other exploit against that FTP machine in order to give themselves remote control of that machine. Now they are in your internal network and potentially can do whatever they want to the rest of your internal machines.

Any servers that are to be public facing should be isolated from your internal network. Keep them in the DMZ.
0
 
paul_at_workAuthor Commented:
Hi,

thanks for the reply, ive moved my ftp server to the DMZ now.

0
 
dhoffman_98Commented:
Thanks for the points, but why the B grade? I gave you the one main reason for not having an FTP server on your internal network, and you accepted that advice and are taking the recommended action. If I left something out, please let me know.
0
 
paul_at_workAuthor Commented:
Hi,

 I was just hoping for a little more information and maybe some links to further information regarding details of the kinds of exploits that could be initiated so that I could better prepare my server.

I have since researched the subject a lot more and found some useful sites which elaborate on the kind of exploits I need to be aware of.

Many Thanks
Paul.
0
 
MrMintanetCommented:
dhoffman,

If it makes you feel any better, I would have given you an A+.  Your answer was simple and to the point.  I suppose some people like references and citations.  

"Any servers that are to be public facing should be isolated from your internal network. Keep them in the DMZ."  

It doesn't get any more simple that that.

Asker-  "What is the actual security risk of installing an FTP server on your internal network with port forwarding rules setup on your firewall?"

Answer-  "How about someone who uses a denial of service attack or uses some other exploit against that FTP machine in order to give themselves remote control of that machine. Now they are in your internal network and potentially can do whatever they want to the rest of your internal machines."

I'd say you hit the nail on the head and sunk it with only one swing of the hammer.

:)
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now