  • Status: Solved

Accessing Servers on the Firewall DMZ from the Internal Network

We have an FTP server on the DMZ of our firewall.
External access is available from selected FTP clients on the Internet.
Internal access is available from FTP clients on the Internal network.

My questions are these:

Is it possible to enable greater Internal Access to the FTP Server host without compromising security? For example, could the file system of the FTP Server Host (a Windows Box) be shared by Windows clients on the Internal network? If this is not the best (most secure?) way of accessing the server, what alternatives are there and what are their Pros and Cons? In essence, what is the normal way that connectivity is maintained between servers on the DMZ and internal networks?
Asked by: ajmcqueen

1 Solution

eeRoot commented:
Depending on your firewall, you may be able to set up a VPN tunnel on the internal -> DMZ interface so that approved users can connect to the DMZ when they need to, but not be connected all the time. Alternatively, you can identify what TCP & UDP ports are needed for the server management, and open those ports. It does pose a risk though: if your internal PCs become infected by a virus or hacked, the DMZ will then be reachable by one of these threats.

Another option is to set up a utility DMZ that is used for management of the other DMZs. Backups, file transfers, and other IT tasks could be performed by a few servers in the utility DMZ, with firewall rules allowing the mgmt servers access to the existing DMZ, and IT admins accessing the mgmt DMZ via a VPN tunnel. This is a lot of work to set up, but it gives you a "double hop" between your internal network and DMZ, so that viruses & hackers that get into one segment of your network will have a harder time getting into the other.
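
The "double hop" layout in the answer above can be checked mechanically against a rule set. The following is an added example, not part of the original thread or any firewall product: the zone names, ports and rules are constructed, and it assumes a default-deny policy in which every direct internal -> DMZ rule counts as a finding.

```python
# Added illustration: audit a zone-level firewall policy for the "double hop" design.
# Zone names, ports and rules are constructed; no real firewall product is modelled.
from collections import deque

# Each rule: (source zone, destination zone, protocol, destination port).
# Anything not listed is denied (default deny).
DOUBLE_HOP = [
    ("internal", "mgmt", "udp", 1194),   # assumed VPN port for IT admins
    ("mgmt", "dmz", "tcp", 21),          # file transfers from the utility DMZ
    ("mgmt", "dmz", "tcp", 3389),        # assumed remote-admin port
    ("internet", "dmz", "tcp", 21),      # external FTP clients
]
# The shortcut the question asks about: Windows file sharing straight into the DMZ.
DIRECT_SHARE = DOUBLE_HOP + [("internal", "dmz", "tcp", 445)]

def hops(rules, src, dst):
    """Fewest firewall crossings needed to get from src to dst, or None."""
    edges = {}
    for s, d, _proto, _port in rules:
        edges.setdefault(s, set()).add(d)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        zone, n = queue.popleft()
        if zone == dst:
            return n
        for nxt in edges.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, n + 1))
    return None

def audit(rules):
    """Return findings where the policy breaks the double-hop design."""
    findings = []
    for s, d, proto, port in rules:
        if s == "internal" and d == "dmz":
            findings.append(f"direct internal->dmz rule: {proto}/{port}")
        if s in ("dmz", "internet") and d in ("internal", "mgmt"):
            findings.append(f"inbound rule {s}->{d}: {proto}/{port}")
    n = hops(rules, "internal", "dmz")
    if n is not None and n < 2:
        findings.append(f"internal reaches dmz in {n} hop(s), expected 2")
    return findings

if __name__ == "__main__":
    for name, rules in (("double hop", DOUBLE_HOP), ("direct share", DIRECT_SHARE)):
        print(name, "->", audit(rules) or "no findings")
```

Adding the SMB rule collapses the path from two firewall crossings to one, which is the exposure the answer warns about when internal PCs are infected.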
