[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Proxy within DMZ and Proxy begind the firewall

Posted on 2014-03-31
3
Medium Priority
?
337 Views
Last Modified: 2014-04-01
Is there any advantage to providing a proxy server within the DMZ, as opposed to putting a proxy behind the firewall and sending out only through ports enabled by the firewall?

In other words, in one configuration, you put your app behind a firewall, and your proxy server in the DMZ.  

In the other scenario you put the app behind the firewall, but a proxy begind the firewall as well.

Why would the first method (proxy in the DMZ) be better than the second?

njd
0
Comment
Question by:Anthony Lucia
3 Comments
 

Author Comment

by:Anthony Lucia
ID: 39967921
By better I mean more secure
0
 
LVL 62

Expert Comment

by:gheist
ID: 39968050
Ar we talking about proxy or reverse proxy here?
0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 39968084
"More secure "

The difference is as follows in DMZ configuration, if the proxy is compromised, the access an intruder will have is the same as the proxy would. Usually meaning it will have a limited access to a server for which it provides services.

In a firewall port forwarding to a proxy on the LAN, a compromised proxy server provides full access to the LAN on which it runs.

DMZ.                          /    DMZ <=> system
Internet <=> firewall <=>  LAN
The firewall will govern what requests from a system on DMZ will be allowed

No DMZ
Internet <=> firewall <=> LAN included the system reverse proxy


DMZ is commonly used, its implementation functionality and scope varies by the capability of the firewall used.
0

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Spectre and Meltdown, how it affects me and my clients?
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question