Re: How vulnerable server will become if placed on DMZ?

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/21/02


"Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
news:eIHhDoNSCHA.2272@tkmsftngp11...
> I have a type of Web Server (proprietary web server).
> This server needs to be accessed from the Internet.
> I have a firewall and TCP 80 inbound and outbound should be configured to
> allow people to access the described server from the Internet.
>
> Third party software vendor recommended that the server is placed on the
> "DMZ".
> When it comes to security, how badly am I going to increase potential
> threats if I put the server on the "DMZ" instead of keeping it "inside" my
> network?

The idea of a DMZ is not to subject your web server to greater risk, but to
protect your internal network from a compromised web server. A DMZ can also
give you greater control over what traffic is permitted and denied to and
from which network. [e.g. right now I bet you have little or no control or
logging concerning what traffic flows between your internal network and the
web server]. A DMZ is generally considered better security for your entire
network as compared to what you probably have now, a single firewall.

In setting up a DMZ, you face some choices... a single firewall with a third
network interface for an isolated DMZ network, a second firewall with the
DMZ network in between the two firewalls, a second firewall with a third
network interface, a proxy server, etc. The book Building Internet
Firewalls is considered a little dated but describes firewall architectures
and filters.

Setting up a web server without compromising your network security takes
some knowledge. If you aren't already an expert at DMZs and other facets of
internet security, I would highly recommend finding a security consultant to
help. Hopefully you've already configured your web server and Windows with
the latest patches, settings and permissions using all available security
hardening checklists. An awful lot of serious network compromises can slip
through a firewall on a single port such as TCP 80.
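The following is an added example, not part of the original thread. It models the single-firewall, third-interface DMZ described above as an ordered, default-deny rule set and evaluates a few constructed flows against it, so the two points in the reply can be seen concretely: the only thing the Internet can reach is TCP 80 on the web server, internal-to-DMZ traffic is permitted but logged, and a web server that has been compromised cannot open connections back into the internal network. The addresses (RFC 5737 / RFC 1918 ranges), rule names and log format are constructed for illustration; this is a policy model, not a configuration for any particular firewall product.

```python
"""Model of a three-interface ("three-legged") DMZ firewall policy.

Added example, not from the original thread. Zones, addresses and the
rule set are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zones: anything not in these networks is treated as "internet".
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
}
WEB_SERVER = "192.0.2.10"   # constructed address of the DMZ web server


def zone_of(addr: str) -> str:
    """Classify an address as internal, dmz or internet."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: Optional[str]    # None matches any zone
    dst_zone: Optional[str]
    proto: Optional[str]       # None matches any protocol
    dport: Optional[int]       # None matches any port
    dst_host: Optional[str]    # None matches any host
    action: str                # "accept" or "drop"
    log: bool = False

    def matches(self, flow: Flow) -> bool:
        return (
            (self.src_zone is None or zone_of(flow.src) == self.src_zone)
            and (self.dst_zone is None or zone_of(flow.dst) == self.dst_zone)
            and (self.proto is None or flow.proto == self.proto)
            and (self.dport is None or flow.dport == self.dport)
            and (self.dst_host is None or flow.dst == self.dst_host)
        )


# Ordered, first-match rule set for *new* connections crossing the firewall.
# Replies for established connections are assumed to be handled by connection
# tracking, so nothing here needs to permit the web server's responses.
# DMZ-originated traffic is denied by default; add a narrow rule only if the
# server itself genuinely has to originate connections.
POLICY = [
    Rule("internet->web", "internet", "dmz", "tcp", 80, WEB_SERVER, "accept"),
    Rule("internal->web", "internal", "dmz", "tcp", 80, WEB_SERVER, "accept", log=True),
    Rule("dmz->internal-deny", "dmz", "internal", None, None, None, "drop", log=True),
    Rule("dmz->internet-deny", "dmz", "internet", None, None, None, "drop", log=True),
    Rule("default-deny", None, None, None, None, None, "drop", log=True),
]


def evaluate(flow: Flow, policy=POLICY):
    """First-match evaluation; returns (action, rule_name, log_line or None)."""
    hit = next(rule for rule in policy if rule.matches(flow))
    line = None
    if hit.log:
        line = f"{hit.action.upper()} {hit.name} {flow.proto} {flow.src}->{flow.dst}:{flow.dport}"
    return hit.action, hit.name, line


def dmz_cannot_reach_internal(policy=POLICY) -> bool:
    """Static check of the policy: no accept rule lets a DMZ host open a
    connection into the internal network, whatever the port."""
    return not any(
        r.action == "accept" and r.src_zone == "dmz" and r.dst_zone == "internal"
        for r in policy
    )


if __name__ == "__main__":
    samples = [
        Flow("203.0.113.5", WEB_SERVER, "tcp", 80),    # public user browsing the site
        Flow("203.0.113.5", WEB_SERVER, "tcp", 22),    # anything else from outside
        Flow(WEB_SERVER, "10.0.0.20", "tcp", 445),     # compromised server probing inward
        Flow("10.0.0.20", WEB_SERVER, "tcp", 80),      # staff reaching the server, logged
    ]
    for f in samples:
        print(evaluate(f))
    print("DMZ isolated from internal:", dmz_cannot_reach_internal())
```

Run the file directly to see the verdict and log line for each constructed flow. The static check at the end is the property worth carrying over to a real firewall: review the rule set itself for any path that lets the DMZ initiate traffic inward, rather than relying on noticing it in the logs afterwards.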