Solved

Proxy within DMZ and Proxy begind the firewall

Posted on 2014-03-31
3
311 Views
Last Modified: 2014-04-01
Is there any advantage to providing a proxy server within the DMZ, as opposed to putting a proxy behind the firewall and sending out only through ports enabled by the firewall?

In other words, in one configuration, you put your app behind a firewall, and your proxy server in the DMZ.  

In the other scenario you put the app behind the firewall, but a proxy begind the firewall as well.

Why would the first method (proxy in the DMZ) be better than the second?

njd
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Author Comment

by:Anthony Lucia
ID: 39967921
By better I mean more secure
0
 
LVL 62

Expert Comment

by:gheist
ID: 39968050
Ar we talking about proxy or reverse proxy here?
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 39968084
"More secure "

The difference is as follows in DMZ configuration, if the proxy is compromised, the access an intruder will have is the same as the proxy would. Usually meaning it will have a limited access to a server for which it provides services.

In a firewall port forwarding to a proxy on the LAN, a compromised proxy server provides full access to the LAN on which it runs.

DMZ.                          /    DMZ <=> system
Internet <=> firewall <=>  LAN
The firewall will govern what requests from a system on DMZ will be allowed

No DMZ
Internet <=> firewall <=> LAN included the system reverse proxy


DMZ is commonly used, its implementation functionality and scope varies by the capability of the firewall used.
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question