paul_at_work

FTP server not in DMZ

I have read that it is recommended when installing an FTP server to do so in a DMZ.

What is the actual security risk of installing an FTP server on your internal network with port forwarding rules set up on your firewall?

Thanks
Paul.
ASKER CERTIFIED SOLUTION
dhoffman_98

paul_at_work

ASKER

Hi,

Thanks for the reply, I've moved my FTP server to the DMZ now.

Thanks for the points, but why the B grade? I gave you the one main reason for not having an FTP server on your internal network, and you accepted that advice and are taking the recommended action. If I left something out, please let me know.

Hi,

I was just hoping for a little more information and maybe some links to further information regarding details of the kinds of exploits that could be initiated so that I could better prepare my server.

I have since researched the subject a lot more and found some useful sites which elaborate on the kind of exploits I need to be aware of.

Many Thanks
Paul.

dhoffman,

If it makes you feel any better, I would have given you an A+.  Your answer was simple and to the point.  I suppose some people like references and citations.  

"Any servers that are to be public facing should be isolated from your internal network. Keep them in the DMZ."  

It doesn't get any more simple than that.

Asker- "What is the actual security risk of installing an FTP server on your internal network with port forwarding rules set up on your firewall?"

Answer-  "How about someone who uses a denial of service attack or uses some other exploit against that FTP machine in order to give themselves remote control of that machine. Now they are in your internal network and potentially can do whatever they want to the rest of your internal machines."

I'd say you hit the nail on the head and sunk it with only one swing of the hammer.

:)