  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312

DMZ features

Other than hosting reverse proxies and DNS, what other utilities would be contained within a DMZ?

Thanks
0
Asked by: Anthony Lucia
1 Solution
 
Narender Gakka (AWS / DevOps / Cloud Consultant) commented:
To keep it simple, all the public-facing servers are placed in the DMZ network for obvious security reasons, and from the DMZ to your LAN only the ports needed will be open, with that traffic also passing through the secure IDS/IPS appliances to detect any threats.

For more info, see the links below:
http://en.wikipedia.org/wiki/DMZ_(computing)

And a video on physical network segmentation:
http://www.youtube.com/watch?v=cLNCYg5RorY
0
 
Anthony Lucia (Author) commented:
That is an excellent answer, but I need to ask one more thing.

Why put an FTP server or a mail server into a DMZ? Both servers will have to access a mail or FTP server on the host on the other side of the DMZ. In other words, would this not just be a passthru?
0
 
Narender Gakka (AWS / DevOps / Cloud Consultant) commented:
What if the servers in the DMZ are compromised? Also, all the access from the DMZ to the LAN network is blocked by default, and you only allow what is needed, and you specify what kind of traffic is allowed based on the requirements to safeguard your perimeter.

This logic is clearly mentioned on the wiki page: the DMZ is there to add an additional layer of security.

And to answer the FTP server question: in case that FTP server is just used by your internal users, then ideally you would keep it in a private network and not publish it to the world, and in the case of the mail server there is no other option but to place it in the DMZ and give access-based permissions, etc.

Hope this clarifies.
0
 
Tintin commented:
"Why put an FTP server or a mail server into a DMZ? Both servers will have to access a mail or FTP server on the host on the other side of the DMZ. In other words, would this not just be a passthru?"

In most cases, an FTP server in the DMZ will have no inbound access to servers on your internal networks.

Files are usually transferred to the DMZ FTP server by a one-way push from the internal network to the DMZ.
0
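
The default-deny policy described in the answers above, as an added example that is not part of the original thread: a small Python model of a three-zone firewall that checks new connections against an allow list and flags DMZ-to-LAN rules that are too broad. Zone names, host names, ports, the mail relay rule and the use of port 22 for the internal push are assumptions made for illustration; reply traffic for established connections is assumed to be handled by the firewall's state tracking.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src_zone: str
    src_host: Optional[str]  # None matches any host in the zone
    dst_zone: str
    dst_host: Optional[str]  # None matches any host in the zone
    dst_port: Optional[int]  # None matches any port

# Constructed allow list: every host name and port here is an assumption.
POLICY = [
    Rule("internet", None, "dmz", "dmz-mail", 25),   # inbound SMTP to the DMZ relay
    Rule("internet", None, "dmz", "dmz-ftp", 21),    # public FTP
    Rule("dmz", "dmz-mail", "lan", "lan-mail", 25),  # relay hands mail inward
    Rule("lan", "lan-files", "dmz", "dmz-ftp", 22),  # one-way push from inside
]
# The same policy plus the "passthru" rule the question worries about.
WEAK_POLICY = POLICY + [Rule("dmz", None, "lan", None, None)]

def allowed(policy, src_zone, src_host, dst_zone, dst_host, dst_port):
    """Any matching allow rule permits a NEW connection; no match is a deny."""
    for r in policy:
        if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                and r.src_host in (None, src_host)
                and r.dst_host in (None, dst_host)
                and r.dst_port in (None, dst_port)):
            return True
    return False

def audit_dmz_to_lan(policy):
    """Return DMZ->LAN rules not pinned to one source, destination and port."""
    return [r for r in policy
            if r.src_zone == "dmz" and r.dst_zone == "lan"
            and None in (r.src_host, r.dst_host, r.dst_port)]

if __name__ == "__main__":
    flows = [  # constructed sample connections
        ("internet", "client", "dmz", "dmz-ftp", 21),
        ("lan", "lan-files", "dmz", "dmz-ftp", 22),
        ("dmz", "dmz-ftp", "lan", "lan-files", 445),  # compromised FTP host
        ("dmz", "dmz-mail", "lan", "lan-mail", 25),
    ]
    for f in flows:
        print(f, "ALLOW" if allowed(POLICY, *f) else "DENY")
    print("Overly broad DMZ->LAN rules:", audit_dmz_to_lan(WEAK_POLICY))
```
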