Solved

DMZ features

Posted on 2014-04-21
4
296 Views
Last Modified: 2014-04-21
Other than hosting reverse proxy's and DNS, what other utilities would be contained within a DMZ

Thanks
0
Comment
Question by:Anthony Lucia
  • 2
4 Comments
 
LVL 8

Expert Comment

by:Narender Gakka
ID: 40013070
to keep it simple all the public facing servers are placed in the DMZ network for obvious security reasons, and from DMZ to your LAN only the ports needed will be open that too passing the traffic through the secure IDS/IPS appliances to detect any threats.

but more info the below links :
http://en.wikipedia.org/wiki/DMZ_(computing)

and a video on physical network segmentation :
http://www.youtube.com/watch?v=cLNCYg5RorY
0
 

Author Comment

by:Anthony Lucia
ID: 40013104
That is an excellent anser, but I need to ask one more thing

Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?
0
 
LVL 8

Accepted Solution

by:
Narender Gakka earned 500 total points
ID: 40013125
what if the servers in DMZ are compromised, and also all the access to the DMZ to the LAN network is blocked by default and you only allowed what is needed and you specify what kind of traffic is allowed based on the requirements to safeguard your perimeter.

This logic is clearly mentioned in the wiki page that DMZ is to add additional layer of security.

And to answer FTP server question, if incase that FTP server is just used by your internal users then Ideally you would keep it in a private network and not publish it to the world, and in case of Mail Server there is no other option but to place in in DMZ and give access based permissions etc.,

Hope this clarifies.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 40013588
Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

In most cases, a FTP server in the DMZ will have no inbound access to servers on your internal networks.

Files are usually transferred to the DMZ FTP server by a one way push from the internal network to the DMZ.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now