DMZ features

Posted on 2014-04-21
Last Modified: 2014-04-21
Other than hosting reverse proxy's and DNS, what other utilities would be contained within a DMZ

Question by:Anthony Lucia
  • 2

Expert Comment

by:Narender Gakka
ID: 40013070
to keep it simple all the public facing servers are placed in the DMZ network for obvious security reasons, and from DMZ to your LAN only the ports needed will be open that too passing the traffic through the secure IDS/IPS appliances to detect any threats.

but more info the below links :

and a video on physical network segmentation :

Author Comment

by:Anthony Lucia
ID: 40013104
That is an excellent anser, but I need to ask one more thing

Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

Accepted Solution

Narender Gakka earned 500 total points
ID: 40013125
what if the servers in DMZ are compromised, and also all the access to the DMZ to the LAN network is blocked by default and you only allowed what is needed and you specify what kind of traffic is allowed based on the requirements to safeguard your perimeter.

This logic is clearly mentioned in the wiki page that DMZ is to add additional layer of security.

And to answer FTP server question, if incase that FTP server is just used by your internal users then Ideally you would keep it in a private network and not publish it to the world, and in case of Mail Server there is no other option but to place in in DMZ and give access based permissions etc.,

Hope this clarifies.
LVL 48

Expert Comment

ID: 40013588
Why put a ftp server, or a mail server into a DMZ.  Both servers will have to access a mail or ftp server on the host on the other size of the DMZ.  In other words, would this not just be a passthru ?

In most cases, a FTP server in the DMZ will have no inbound access to servers on your internal networks.

Files are usually transferred to the DMZ FTP server by a one way push from the internal network to the DMZ.

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Account Lockouts 25 150
Move Malwarebytes Enterprise to perimeter of our Cisco ASA? Ideas for setup? 6 97
yahoo Hacks 9 93
Protecting a SKY 4.0 (Android) devise 15 101
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now