DMZ features

Posted on 2014-04-21
Last Modified: 2014-04-21
Other than hosting reverse proxy's and DNS, what other utilities would be contained within a DMZ

Question by:Anthony Lucia
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

by:Narender Gakka
ID: 40013070
to keep it simple all the public facing servers are placed in the DMZ network for obvious security reasons, and from DMZ to your LAN only the ports needed will be open that too passing the traffic through the secure IDS/IPS appliances to detect any threats.

but more info the below links :

and a video on physical network segmentation :

Author Comment

by:Anthony Lucia
ID: 40013104
That is an excellent anser, but I need to ask one more thing

Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

Accepted Solution

Narender Gakka earned 500 total points
ID: 40013125
what if the servers in DMZ are compromised, and also all the access to the DMZ to the LAN network is blocked by default and you only allowed what is needed and you specify what kind of traffic is allowed based on the requirements to safeguard your perimeter.

This logic is clearly mentioned in the wiki page that DMZ is to add additional layer of security.

And to answer FTP server question, if incase that FTP server is just used by your internal users then Ideally you would keep it in a private network and not publish it to the world, and in case of Mail Server there is no other option but to place in in DMZ and give access based permissions etc.,

Hope this clarifies.
LVL 48

Expert Comment

ID: 40013588
Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

In most cases, a FTP server in the DMZ will have no inbound access to servers on your internal networks.

Files are usually transferred to the DMZ FTP server by a one way push from the internal network to the DMZ.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question