philb19
asked on
ASA NAT of http outside interface to inside server IP
Hi. I have setup this NAT all ok. I do have a concern around security however. I know essentially that all NAT will do is hide the internal IP and doesn't provide sufficient security against targeted attacks over port 80. Essentially port 80 is open to the outside world to an internal IP which is not great from a security point of view.
I am aware there are better ways to do this - DMZ etc - My question is how common is it that this type of NAT would be setup. Have engineers seen this configuration frequently?
I am aware there are better ways to do this - DMZ etc - My question is how common is it that this type of NAT would be setup. Have engineers seen this configuration frequently?
Is there a special reason why you have port 80 open to the outside world?
A DMZ is really just a place where you place servers you want to allow access to by "anybody" from the Internet. As John Hurst stated, its not protected. It really just allows you to protect your "internal" network better.
If the server were you have port 80 open is for "employee" access only, then setting up a VPN will allow you to close port 80 to the general public while allowing your fellow employees to access it.
A DMZ is really just a place where you place servers you want to allow access to by "anybody" from the Internet. As John Hurst stated, its not protected. It really just allows you to protect your "internal" network better.
If the server were you have port 80 open is for "employee" access only, then setting up a VPN will allow you to close port 80 to the general public while allowing your fellow employees to access it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DMZ is not meant for to protect servers either.
Get a VPN router, install that in front of your ISP modem, set up IPsec VPN and hook the server to that. I have had client servers behind strong VPN for years with zero intrusions.