Solved

DMZ Security Risk Questions

Posted on 2011-02-23
6
767 Views
Last Modified: 2013-12-02
I'm trying to determine if there are any weaknesses relating to an FTP server in our DMZ. Where would I start looking? I know this is a vague question, but I'm concerned about files containing sensitive data being stored on the server. Where would I start? Again, I know this is vague, but humor me. Thanks guys.
0
Comment
Question by:isaacr25
  • 2
  • 2
  • 2
6 Comments
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 34969373
I don't think you should put sensitive information on a server facing the outside where anyone can reach it.
0
 

Author Comment

by:isaacr25
ID: 34969866
Even in the DMZ? Can you give me some reasons why? I'm not saying I support where it is... I just want some further info on the topic.
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 334 total points
ID: 34969874
FTP sends userids and passwords in plain text.  Your users will be tempted to use the same password for everything so this is dangerous if they also have a domain account.  Its better to use one of the encrypted versions like FTPS (ftp over ssl) or SFTP (based on ssh.)
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:isaacr25
ID: 34970838
Ok. So what about files that sit on the server (not necessarily being FTP's or SFTP'd)? How can those be at risk?
0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 166 total points
ID: 34971769
By definition things in the DMZ are outward facing and can be seen by anyone outside.
That makes it susceptible to attempts to hack it.
Sensitive stuff should be on the inside and only accessible to legitimate users via secure connection like SSL or IPSEC.
0
 
LVL 16

Assisted Solution

by:AlexPace
AlexPace earned 334 total points
ID: 34971886
For the same reason you need to be careful to keep the OS patched on all your machines in the DMZ.  You can't just wait and do it every 6 months or whenever you get around to it.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fb messenger security and privacy 15 95
Giving user local admin via workstation security properties on SBS 2008 3 41
Scan Mac for security breach? 5 42
Home security 15 41
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question