DMZ features

Posted on 2014-04-21
Medium Priority
Last Modified: 2014-04-21
Other than hosting reverse proxy's and DNS, what other utilities would be contained within a DMZ

Question by:Anthony Lucia
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

by:Narender Gakka
ID: 40013070
to keep it simple all the public facing servers are placed in the DMZ network for obvious security reasons, and from DMZ to your LAN only the ports needed will be open that too passing the traffic through the secure IDS/IPS appliances to detect any threats.

but more info the below links :

and a video on physical network segmentation :

Author Comment

by:Anthony Lucia
ID: 40013104
That is an excellent anser, but I need to ask one more thing

Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

Accepted Solution

Narender Gakka earned 2000 total points
ID: 40013125
what if the servers in DMZ are compromised, and also all the access to the DMZ to the LAN network is blocked by default and you only allowed what is needed and you specify what kind of traffic is allowed based on the requirements to safeguard your perimeter.

This logic is clearly mentioned in the wiki page that DMZ is to add additional layer of security.

And to answer FTP server question, if incase that FTP server is just used by your internal users then Ideally you would keep it in a private network and not publish it to the world, and in case of Mail Server there is no other option but to place in in DMZ and give access based permissions etc.,

Hope this clarifies.
LVL 48

Expert Comment

ID: 40013588
Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

In most cases, a FTP server in the DMZ will have no inbound access to servers on your internal networks.

Files are usually transferred to the DMZ FTP server by a one way push from the internal network to the DMZ.

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
What we learned in Webroot's webinar on multi-vector protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question