?
Solved

Proxy within DMZ and Proxy begind the firewall

Posted on 2014-03-31
3
Medium Priority
?
318 Views
Last Modified: 2014-04-01
Is there any advantage to providing a proxy server within the DMZ, as opposed to putting a proxy behind the firewall and sending out only through ports enabled by the firewall?

In other words, in one configuration, you put your app behind a firewall, and your proxy server in the DMZ.  

In the other scenario you put the app behind the firewall, but a proxy begind the firewall as well.

Why would the first method (proxy in the DMZ) be better than the second?

njd
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Author Comment

by:Anthony Lucia
ID: 39967921
By better I mean more secure
0
 
LVL 62

Expert Comment

by:gheist
ID: 39968050
Ar we talking about proxy or reverse proxy here?
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 39968084
"More secure "

The difference is as follows in DMZ configuration, if the proxy is compromised, the access an intruder will have is the same as the proxy would. Usually meaning it will have a limited access to a server for which it provides services.

In a firewall port forwarding to a proxy on the LAN, a compromised proxy server provides full access to the LAN on which it runs.

DMZ.                          /    DMZ <=> system
Internet <=> firewall <=>  LAN
The firewall will govern what requests from a system on DMZ will be allowed

No DMZ
Internet <=> firewall <=> LAN included the system reverse proxy


DMZ is commonly used, its implementation functionality and scope varies by the capability of the firewall used.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month13 days, 8 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question