Solved

DMZ Security Risk Questions

Posted on 2011-02-23
Last Modified: 2013-12-02
I'm trying to determine if there are any weaknesses relating to an FTP server in our DMZ. Where would I start looking? I know this is a vague question, but I'm concerned about files containing sensitive data being stored on the server. Where would I start? Again, I know this is vague, but humor me. Thanks guys.
0
Question by:isaacr25
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 34969373
I don't think you should put sensitive information on a server facing the outside where anyone can reach it.
0
 

Author Comment

by:isaacr25
ID: 34969866
Even in the DMZ? Can you give me some reasons why? I'm not saying I support where it is... I just want some further info on the topic.
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 1336 total points
ID: 34969874
FTP sends userids and passwords in plain text. Your users will be tempted to use the same password for everything so this is dangerous if they also have a domain account. It's better to use one of the encrypted versions like FTPS (ftp over ssl) or SFTP (based on ssh.)
0
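
Added example, not part of the original thread or any participant's post: a small Python audit of an FTP control-channel log that shows where the cleartext exposure described in the accepted answer occurs, and how an explicit FTPS session (AUTH TLS, then PROT P, per RFC 4217) removes it. The `C: `/`S: ` log format, the function name and the sample sessions are assumptions constructed for illustration, as a client debug log or server command log would provide them.

```python
# Added example: audit an FTP control-channel log for cleartext exposure.
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}

def audit_ftp_session(transcript):
    """Return findings for 'C: ' (client) / 'S: ' (server) log lines."""
    tls = False           # control channel encrypted (AUTH TLS answered 234)
    prot_private = False  # data channel encrypted (PROT P answered 200)
    pending = None        # (verb, argument) of the command awaiting a reply
    findings = []
    for line in transcript:
        side, _, text = line.strip().partition(": ")
        if side == "C" and text:
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            pending = (verb, arg.strip().upper())
            if verb in ("USER", "PASS") and not tls:
                # Report the verb only; never copy the credential itself.
                findings.append(f"{verb} sent in cleartext")
            elif verb in DATA_CMDS and not (tls and prot_private):
                findings.append(f"{verb} data channel unencrypted")
        elif side == "S" and pending and text[3:4] != "-":
            # Final reply line ("NNN text"); "NNN-" continuation lines are skipped.
            verb, arg = pending
            if verb == "AUTH" and text.startswith("234"):
                tls = True
            elif verb == "PROT" and text.startswith("200"):
                prot_private = arg == "P"
            pending = None
    return findings

# Constructed sample sessions (not captured from a real server).
PLAIN_FTP = [
    "S: 220 FTP ready", "C: USER alice", "S: 331 Password required",
    "C: PASS example-password", "S: 230 Logged in",
    "C: RETR payroll.csv", "S: 150 Opening data connection",
    "S: 226 Transfer complete",
]
EXPLICIT_FTPS = [
    "S: 220 FTP ready", "C: AUTH TLS", "S: 234 Proceed with negotiation",
    "C: USER alice", "S: 331 Password required",
    "C: PASS example-password", "S: 230 Logged in",
    "C: PBSZ 0", "S: 200 PBSZ=0", "C: PROT P", "S: 200 Protection set",
    "C: RETR payroll.csv", "S: 150 Opening data connection",
    "S: 226 Transfer complete",
]

if __name__ == "__main__":
    for name, session in (("plain FTP", PLAIN_FTP), ("FTPS", EXPLICIT_FTPS)):
        print(name, "->", audit_ftp_session(session) or "no cleartext exposure")
```

The FTPS case is clean only because both the control channel (AUTH TLS) and the data channel (PROT P) are protected; a session that negotiates TLS but leaves the data channel at PROT C still exposes file contents.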
 

Author Comment

by:isaacr25
ID: 34970838
Ok. So what about files that sit on the server (not necessarily being FTP'd or SFTP'd)? How can those be at risk?
0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 664 total points
ID: 34971769
By definition things in the DMZ are outward facing and can be seen by anyone outside.
That makes it susceptible to attempts to hack it.
Sensitive stuff should be on the inside and only accessible to legitimate users via a secure connection like SSL or IPSEC.
0
 
LVL 16

Assisted Solution

by:AlexPace
AlexPace earned 1336 total points
ID: 34971886
For the same reason you need to be careful to keep the OS patched on all your machines in the DMZ.  You can't just wait and do it every 6 months or whenever you get around to it.
0

Question has a verified solution.