Security Services for DMZ demilitarized zone

Published by Sekhar Babu B
Services in the DMZ

Any service that is being provided to users on the external network can be placed in the DMZ. The most common of these services are:

Web servers
Mail servers
FTP servers
VoIP servers

Web servers that communicate with an internal database require access to a database server, which may not be publicly accessible and may contain sensitive information. The web servers can communicate with database servers either directly or through an application firewall for security reasons.

E-mail messages and particularly the user database are confidential information, so they are typically stored on servers that cannot be accessed from the Internet (at least not in an insecure manner), but can be accessed from the SMTP servers that are exposed to the Internet.

The mail server inside the DMZ passes incoming mail to the secured/internal mail servers. It also handles outgoing mail.

For security, legal compliance and monitoring reasons, some enterprises in a business environment install a proxy server within the DMZ. This has the following consequences:

Obliges the internal users (usually employees) to use the proxy to get Internet access.
Allows the company to reduce Internet access bandwidth requirements because some of the web content may be cached by the proxy server.
Simplifies the recording and monitoring of user activities and the blocking of content that violates acceptable use policies.

A reverse proxy server, like a proxy server, is an intermediary, but is used the other way around. Instead of providing a service to internal users wanting to access an external network, it provides indirect access for an external network (usually the Internet) to internal resources. For example, access to a back-office application such as an email system could be provided to external users (to read email while outside the company), but the remote user would not have direct access to the email server. Only the reverse proxy server can physically access the internal email server. This is an extra layer of security, which is particularly recommended when internal resources need to be accessed from the outside. Usually such a reverse proxy mechanism is provided by an application-layer firewall, because such firewalls focus on the specific shape of the traffic rather than controlling access to specific TCP and UDP ports as a packet-filter firewall does.
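
The flows described above can be checked against observed traffic. The following is an added example, not part of the original document: it classifies flow records by zone and flags any that break the DMZ design (direct Internet-to-internal access, internal hosts bypassing the proxy, DMZ-to-internal traffic outside the described pairs). The address plan, host roles, ports and log format are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan and ports (assumptions, not from the document).
DMZ = ip_network("192.0.2.0/24")
INTERNAL = ip_network("10.0.0.0/8")
WEB, RELAY, PROXY, RPROXY = "192.0.2.10", "192.0.2.25", "192.0.2.80", "192.0.2.43"
DB, MAILSTORE = "10.0.5.20", "10.0.5.25"

# The only DMZ -> internal flows the text describes.
PINHOLES = {
    (WEB, DB, 5432),           # web server -> internal database
    (RELAY, MAILSTORE, 25),    # DMZ mail server -> internal mail server
    (RPROXY, MAILSTORE, 443),  # reverse proxy -> internal email system
}

def zone_of(addr):
    """Map an address to 'dmz', 'internal' or 'internet'."""
    ip = ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if ip in INTERNAL:
        return "internal"
    return "internet"

def check_flow(src, dst, dport):
    """Return None if the flow fits the DMZ design, else a reason string."""
    path = (zone_of(src), zone_of(dst))
    if path == ("internet", "internal"):
        return "Internet host reached the internal network directly"
    if path == ("internal", "internet"):
        return "internal host bypassed the DMZ proxy"
    if path == ("dmz", "internal") and (src, dst, dport) not in PINHOLES:
        return "DMZ-to-internal flow outside the approved pinholes"
    return None

def audit(log_text):
    """Check each 'src dst dport' record; return (record, reason) pairs."""
    findings = []
    for line in log_text.strip().splitlines():
        src, dst, dport = line.split()
        reason = check_flow(src, dst, int(dport))
        if reason:
            findings.append((line, reason))
    return findings

# Constructed flow records, one per line: "src dst dport".
SAMPLE = """
203.0.113.7 192.0.2.10 443
192.0.2.10 10.0.5.20 5432
192.0.2.10 10.0.5.25 22
10.0.8.14 192.0.2.80 3128
10.0.8.14 198.51.100.9 443
203.0.113.7 10.0.5.25 143
192.0.2.25 198.51.100.30 25
"""
```

Calling audit(SAMPLE) returns the three records that violate the design, each paired with the reason.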

Published by: Sekhar Babu B on Apr 10, 2013
Copyright: Attribution Non-commercial
