Solved

Why DMZ proxy's are more secure

Posted on 2014-04-02
1
301 Views
Last Modified: 2014-04-02
I had asked a slightly different question previously, but I need clarification

Why would a Proxy on a DMZ be more secure than a port forwarding from the firewall
0
Comment
Question by:Anthony Lucia
1 Comment
 
LVL 15

Accepted Solution

by:
achaldave earned 500 total points
ID: 39972551
DMZ proxy adds extra layer of protection to your internal network, DMZ proxy can authenticate and validate requests before connect to internal server and returning back results. Some of the proxies can also monitor requests and block any malicious data (e.g. Cisco web app firewall). Port forwarding on the other hand simply forwards requests to internal server without validating or authenticating the request so it is simply direct access to your internal server, a compromised internal server means your whole network is compromised and hackers can potentially access any resource on your internal network, a compromised DMZ proxy limits this to DMZ network and with proper security  on DMZ network can further limit it to just DMZ server. In case of denial of service attack the only server will suffer outage will be your DMZ proxy but if there isn't any and you are using port forwarding the DoS attack will bring down your internal server and your internal users won't be able to access the resources on the server.
Theoretically  anything connected to internet can be hacked but adding DMZ proxy increases the process and may give you enough time to respond to such threat.
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jump server vs push server 6 149
Compromised PC? 17 169
Ubiquiti Unifi AP-AC - does this support 2 networks like 192.0.0.x and 10.0.0.x? 3 64
By pass website on ASA for Websense 4 49
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now