Solved

Why DMZ proxy's are more secure

Posted on 2014-04-02
1
311 Views
Last Modified: 2014-04-02
I had asked a slightly different question previously, but I need clarification

Why would a Proxy on a DMZ be more secure than a port forwarding from the firewall
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 15

Accepted Solution

by:
achaldave earned 500 total points
ID: 39972551
DMZ proxy adds extra layer of protection to your internal network, DMZ proxy can authenticate and validate requests before connect to internal server and returning back results. Some of the proxies can also monitor requests and block any malicious data (e.g. Cisco web app firewall). Port forwarding on the other hand simply forwards requests to internal server without validating or authenticating the request so it is simply direct access to your internal server, a compromised internal server means your whole network is compromised and hackers can potentially access any resource on your internal network, a compromised DMZ proxy limits this to DMZ network and with proper security  on DMZ network can further limit it to just DMZ server. In case of denial of service attack the only server will suffer outage will be your DMZ proxy but if there isn't any and you are using port forwarding the DoS attack will bring down your internal server and your internal users won't be able to access the resources on the server.
Theoretically  anything connected to internet can be hacked but adding DMZ proxy increases the process and may give you enough time to respond to such threat.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question