Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 781
  • Last Modified:

DMZ Security Risk Questions

I'm trying to determine if there are any weaknesses relating to an FTP server in our DMZ. Where would I start looking? I know this is a vague question, but I'm concerned about files containing sensitive data being stored on the server. Where would I start? Again, I know this is vague, but humor me. Thanks guys.
0
isaacr25
Asked:
isaacr25
  • 2
  • 2
  • 2
3 Solutions
 
Rick_O_ShayCommented:
I don't think you should put sensitive information on a server facing the outside where anyone can reach it.
0
 
isaacr25Author Commented:
Even in the DMZ? Can you give me some reasons why? I'm not saying I support where it is... I just want some further info on the topic.
0
 
AlexPaceCommented:
FTP sends userids and passwords in plain text.  Your users will be tempted to use the same password for everything so this is dangerous if they also have a domain account.  Its better to use one of the encrypted versions like FTPS (ftp over ssl) or SFTP (based on ssh.)
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
isaacr25Author Commented:
Ok. So what about files that sit on the server (not necessarily being FTP's or SFTP'd)? How can those be at risk?
0
 
Rick_O_ShayCommented:
By definition things in the DMZ are outward facing and can be seen by anyone outside.
That makes it susceptible to attempts to hack it.
Sensitive stuff should be on the inside and only accessible to legitimate users via secure connection like SSL or IPSEC.
0
 
AlexPaceCommented:
For the same reason you need to be careful to keep the OS patched on all your machines in the DMZ.  You can't just wait and do it every 6 months or whenever you get around to it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now