TOPIC: ???DMZ???

???DMZ??? 14 years 4 weeks ago #6024

  • Maskkkk (Topic Author)
Okay you put your mail server and your webserver on the DMZ.
Now you're not supposed to put anything but read-only data on computers on the DMZ. Also you're not supposed to bring the computers on the DMZ back into your network. So how is it then that you store data on these machines when it comes in from users on the internet? For instance data in a database, or...a message board?

- A Man is not an island...that's why we have forums!

DMZ 14 years 3 weeks ago #6029

The DMZ (stupid name for it if ever there was one) is a sort of half-way house between the evil internet and your protected LAN. If you put your public facing web server on your LAN you would have to open up incoming firewall rules to it, and that would expose your LAN to risk. So you put it on a DMZ instead. That way you can have the required rules open from the world onto the DMZ but not from the world direct to the LAN.
So far so good, but now to your question. Who says you can't put incoming data onto your DMZ server(s)? As you point out, if you had a purchasing website up then you wouldn't do much trade otherwise! The key is sensible firewall rules. Only allow what needs to be allowed, from defined hosts, and to/from the defined networks in your setup. That should protect you from most of the trouble (though I'm sure Sahirh could still get in!).
And yes, I'd be very wary of taking the DMZ server off the DMZ and plugging it into the LAN for maintenance. If your firewall is set up correctly then you shouldn't need to.
A suggestion from a colleague looking over my shoulder is to think of the DMZ as a doorman or club bouncer - you can come through the door but only if your name is on the list...
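
An added example, not part of the original posts: a minimal Python model of the kind of rule set the reply above describes (default deny, world to DMZ on published ports only, maintenance from one defined LAN host instead of moving the server onto the LAN). The addresses, ports, and the `decide` and `zone_of` names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}
WEB, MAIL, ADMIN = "192.168.50.10", "192.168.50.20", "10.0.0.5"

# First match wins: (src, dst, protocol, dst_port). src/dst are a zone name,
# a single host address, or "any". Only new connections are modelled;
# anything that matches no rule is dropped.
RULES = [
    ("any", WEB, "tcp", 80),     # world -> public web server
    ("any", WEB, "tcp", 443),
    ("any", MAIL, "tcp", 25),    # world -> mail server (SMTP)
    (ADMIN, "dmz", "tcp", 22),   # maintenance from one defined LAN host
]

def zone_of(addr):
    """Return 'lan', 'dmz', or 'internet' for an address."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def _matches(selector, addr):
    if selector == "any":
        return True
    if selector in ZONES:
        return ipaddress.ip_address(addr) in ZONES[selector]
    return ipaddress.ip_address(addr) == ipaddress.ip_address(selector)

def decide(src, dst, proto, port):
    """Evaluate one new connection against RULES; default is deny."""
    for r_src, r_dst, r_proto, r_port in RULES:
        if _matches(r_src, src) and _matches(r_dst, dst) and (proto, port) == (r_proto, r_port):
            return "allow"
    return "deny"

if __name__ == "__main__":
    flows = [  # constructed sample connections
        ("203.0.113.7", WEB, "tcp", 80),           # customer submits an order
        ("203.0.113.7", "10.0.0.20", "tcp", 445),  # world straight to the LAN
        ("203.0.113.7", WEB, "tcp", 22),           # world to the admin port
        (ADMIN, WEB, "tcp", 22),                   # admin maintains server in place
        (WEB, "10.0.0.20", "tcp", 445),            # DMZ host reaching into the LAN
    ]
    for f in flows:
        print(f"{zone_of(f[0]):>8} -> {zone_of(f[1]):<8} {f[2]}/{f[3]:<4} {decide(*f)}")
```

Incoming data still lands on the DMZ web server because the published ports are open to it; what the rule set withholds is any path from the internet or the DMZ into the LAN.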

Re: ???DMZ??? 14 years 3 weeks ago #6031

A suggestion from a colleague looking over my shoulder is to think of the DMZ as a doorman or club bouncer - you can come through the door but only if your name is on the list...


Good Analogy!

:D