Solved

Proxy within DMZ and Proxy begind the firewall

Posted on 2014-03-31
3
305 Views
Last Modified: 2014-04-01
Is there any advantage to providing a proxy server within the DMZ, as opposed to putting a proxy behind the firewall and sending out only through ports enabled by the firewall?

In other words, in one configuration, you put your app behind a firewall, and your proxy server in the DMZ.  

In the other scenario you put the app behind the firewall, but a proxy begind the firewall as well.

Why would the first method (proxy in the DMZ) be better than the second?

njd
0
Comment
Question by:Anthony Lucia
3 Comments
 

Author Comment

by:Anthony Lucia
ID: 39967921
By better I mean more secure
0
 
LVL 62

Expert Comment

by:gheist
ID: 39968050
Ar we talking about proxy or reverse proxy here?
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 39968084
"More secure "

The difference is as follows in DMZ configuration, if the proxy is compromised, the access an intruder will have is the same as the proxy would. Usually meaning it will have a limited access to a server for which it provides services.

In a firewall port forwarding to a proxy on the LAN, a compromised proxy server provides full access to the LAN on which it runs.

DMZ.                          /    DMZ <=> system
Internet <=> firewall <=>  LAN
The firewall will govern what requests from a system on DMZ will be allowed

No DMZ
Internet <=> firewall <=> LAN included the system reverse proxy


DMZ is commonly used, its implementation functionality and scope varies by the capability of the firewall used.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question