
TOPIC: ???DMZ???

???DMZ??? 12 years 3 weeks ago #6024

  • Maskkkk
  • Frequent Member
  • Posts: 42
  • Karma: 0
Okay you put your mail server and your webserver on the DMZ.
Now you're not supposed to put anything but read-only data on computers on the DMZ. Also you're not supposed to bring the computers on the DMZ back into your network. So how is it then that you store data on these machines when it comes in from users on the internet? For instance data in a database, or...a message board?


- A Man is not an island...that's why we have forums!

DMZ 12 years 2 weeks ago #6029

  • TheBishop
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
The DMZ (stupid name for it if ever there was one) is a sort of half-way house between the evil internet and your protected LAN. If you put your public facing web server on your LAN you would have to open up incoming firewall rules to it, and that would expose your LAN to risk. So you put it on a DMZ instead. That way you can have the required rules open from the world onto the DMZ but not from the world direct to the LAN.
So far so good, but now to your question. Who says you can't put incoming data onto your DMZ server(s)? As you point out, if you had a purchasing website up then you wouldn't do much trade otherwise! The key is sensible firewall rules. Only allow what needs to be allowed, from defined hosts, and to/from the defined networks in your setup. That should protect you from most of the trouble (though I'm sure Sahirh could still get in!).
And yes, I'd be very wary of taking the DMZ server off the DMZ and plugging it into the LAN for maintenance. If your firewall is set up correctly then you shouldn't need to.
A suggestion from a colleague looking over my shoulder is to think of the DMZ as a doorman or club bouncer - you can come through the door but only if your name is on the list...
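The rule discipline described in the reply above (only what needs to be allowed, from defined hosts, between defined networks), as an added example that is not part of the thread: a first-match, default-deny policy for a three-zone layout, with a check for rules that would open the LAN to the world. All addresses, the LAN-side database, the admin host and the ports are assumptions made for illustration.

```python
import ipaddress as ip
from typing import NamedTuple

# Constructed addressing (documentation and private ranges), not from the thread.
ANY = ip.ip_network("0.0.0.0/0")
DMZ = ip.ip_network("192.0.2.0/24")
LAN = ip.ip_network("10.0.0.0/24")
WEB = ip.ip_network("192.0.2.10/32")    # public web server in the DMZ
MAIL = ip.ip_network("192.0.2.25/32")   # public mail server in the DMZ
DB = ip.ip_network("10.0.0.50/32")      # assumption: database kept on the LAN
ADMIN = ip.ip_network("10.0.0.5/32")    # assumption: admin workstation on the LAN

class Rule(NamedTuple):
    src: ip.IPv4Network
    dst: ip.IPv4Network
    proto: str
    port: int

# Allow rules for NEW connections; replies are assumed to be handled by
# stateful connection tracking. Anything not listed is denied.
RULES = [
    Rule(ANY, WEB, "tcp", 443),     # world -> DMZ web server
    Rule(ANY, MAIL, "tcp", 25),     # world -> DMZ mail server
    Rule(WEB, DB, "tcp", 5432),     # one pinhole: web server -> database
    Rule(ADMIN, DMZ, "tcp", 22),    # maintenance in place, from a defined host
]

def decide(src, dst, proto, port, rules=RULES):
    """Return 'allow' if a rule matches the new connection, else 'deny'."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and proto == r.proto and port == r.port:
            return "allow"
    return "deny"

def audit(rules=RULES):
    """Return rules that reach the LAN from a source outside the DMZ and LAN."""
    return [r for r in rules
            if r.dst.overlaps(LAN)
            and not (r.src.subnet_of(DMZ) or r.src.subnet_of(LAN))]

if __name__ == "__main__":
    flows = [("203.0.113.7", "192.0.2.10", "tcp", 443),   # visitor -> web
             ("203.0.113.7", "10.0.0.50", "tcp", 5432),   # visitor -> LAN db
             ("192.0.2.10", "10.0.0.50", "tcp", 5432),    # web -> db pinhole
             ("192.0.2.25", "10.0.0.50", "tcp", 5432)]    # mail -> db
    for f in flows:
        print(f, decide(*f))
    print("rules exposing the LAN to the world:", audit())
```

Data submitted by internet users reaches the database only through the single web-server pinhole; the mail server, although in the same DMZ, gets no path to it.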

Re: ???DMZ??? 12 years 2 weeks ago #6031

  • Cool_Spot
  • Frequent Member
  • Posts: 61
  • Karma: 0
A suggestion from a colleague looking over my shoulder is to think of the DMZ as a doorman or club bouncer - you can come through the door but only if your name is on the list...

Good Analogy!

:D