  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 776

DMZ Security Risk Questions

I'm trying to determine if there are any weaknesses relating to an FTP server in our DMZ. Where would I start looking? I know this is a vague question, but I'm concerned about files containing sensitive data being stored on the server. Where would I start? Again, I know this is vague, but humor me. Thanks guys.
0
isaacr25
Asked:
3 Solutions
 
Rick_O_Shay Commented:
I don't think you should put sensitive information on a server facing the outside where anyone can reach it.
0
 
isaacr25 (Author) Commented:
Even in the DMZ? Can you give me some reasons why? I'm not saying I support where it is... I just want some further info on the topic.
0
 
AlexPace Commented:
FTP sends userids and passwords in plain text. Your users will be tempted to use the same password for everything, so this is dangerous if they also have a domain account. It's better to use one of the encrypted versions like FTPS (FTP over SSL) or SFTP (based on SSH).
0
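An added example, not part of the thread: a small audit of FTP control-channel transcripts that flags `USER`/`PASS` commands sent before TLS was negotiated with `AUTH TLS` (reply code 234, RFC 4217). The transcripts and the `C:`/`S:` notation are constructed for illustration and assume client- or server-side command logging.

```python
import re

# Constructed transcripts ("C:" = client, "S:" = server); not taken from the thread.
PLAIN_SESSION = """\
S: 220 ftp.example.test ready
C: USER alice
S: 331 Password required
C: PASS hunter2
S: 230 Login successful
"""

TLS_SESSION = """\
S: 220 ftp.example.test ready
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER alice
S: 331 Password required
C: PASS hunter2
S: 230 Login successful
"""

def audit_session(transcript):
    """Return (line_no, command, value) for credentials sent without TLS."""
    tls_active = False    # becomes True only after the server answers AUTH with 234
    pending_auth = False  # True while waiting for the server's reply to AUTH
    findings = []
    for n, line in enumerate(transcript.splitlines(), 1):
        m = re.match(r"^([CS]):\s*(\S+)\s*(.*)$", line)
        if not m:
            continue
        side, verb, arg = m.group(1), m.group(2).upper(), m.group(3).strip()
        if side == "C":
            pending_auth = verb == "AUTH" and arg.upper() in ("TLS", "SSL")
            if verb in ("USER", "PASS") and not tls_active:
                # Never copy the password itself into the report.
                findings.append((n, verb, arg if verb == "USER" else "<redacted>"))
        elif pending_auth:
            # Any reply other than 234 means the upgrade was refused.
            tls_active = verb == "234"
            pending_auth = False
    return findings

if __name__ == "__main__":
    for name, session in (("plain", PLAIN_SESSION), ("tls", TLS_SESSION)):
        print(name, audit_session(session))
```

A session in which the server refuses `AUTH TLS` and the client logs in anyway is reported the same way as a plain FTP login.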
 
isaacr25 (Author) Commented:
Ok. So what about files that sit on the server (not necessarily being FTP'd or SFTP'd)? How can those be at risk?
0
 
Rick_O_Shay Commented:
By definition things in the DMZ are outward facing and can be seen by anyone outside.
That makes it susceptible to attempts to hack it.
Sensitive stuff should be on the inside and only accessible to legitimate users via a secure connection like SSL or IPSEC.
0
 
AlexPace Commented:
For the same reason you need to be careful to keep the OS patched on all your machines in the DMZ.  You can't just wait and do it every 6 months or whenever you get around to it.
0
