Everything about Web Servers and Firewall Zones

 

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. Whilst there are several steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic, and restrict outgoing traffic.

However, some services such as web or FTP servers require incoming connections. If you require these services you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone if you prefer its proper name). Ideally all servers in the DMZ will be standalone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ then you should acquire a dedicated machine and keep the backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ, traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated totally separately to traffic between your DMZ and the Internet. Incoming traffic from the internet would be routed directly to your DMZ.

Therefore, if any hacker were to compromise a machine within the DMZ, then the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network called the secure zone, and to place the database server there.

The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is where to put the email server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an email server is on the LAN, allowing SMTP traffic into this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution, with the firewall handling the VPN connections. LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.
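The zone rules described above can be written down as an allow-list and used to audit a firewall's permit rules. The following is an added example, not part of the original article: the subnets, the mail server address and the port numbers are assumptions chosen for illustration, and the sample rules are constructed.

```python
import ipaddress

# Constructed addressing plan (assumption: the article names zones, not subnets).
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
    "secure": ipaddress.ip_network("192.168.60.0/24"),
}
MAIL_SERVER = "10.0.0.25"  # hypothetical mail server on the LAN

# New connections the article permits: (source zone, dest zone) -> TCP ports.
# Ports are assumptions: 80/443 web, 21 FTP, 3389/5900 remote mgmt, 5432 DB, 25 SMTP.
ALLOWED = {
    ("internet", "dmz"): {21, 80, 443},
    ("lan", "dmz"): {21, 3389, 5900},
    ("dmz", "secure"): {5432},
    ("lan", "secure"): {5432},
    ("internet", "lan"): {25},  # mail server only, enforced in audit()
}

def zone_of(addr):
    ip = ipaddress.ip_address(addr)  # anything outside ZONES is the internet
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def audit(rules):
    """Return (rule, reason) for each permit rule the zone policy forbids."""
    findings = []
    for src, dst, port in rules:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz:
            continue  # same-zone traffic does not cross the firewall
        if port not in ALLOWED.get((sz, dz), set()):
            findings.append(((src, dst, port), f"{sz}->{dz} tcp/{port} not in policy"))
        elif (sz, dz) == ("internet", "lan") and dst != MAIL_SERVER:
            findings.append(((src, dst, port), "inbound SMTP to a non-mail host"))
    return findings

# Constructed permit rules (source, destination, TCP port); the last four break policy.
SAMPLE_RULES = [
    ("203.0.113.7", "192.168.50.10", 80),
    ("10.0.0.14", "192.168.50.10", 21),
    ("192.168.50.10", "192.168.60.5", 5432),
    ("203.0.113.7", "10.0.0.25", 25),
    ("203.0.113.7", "10.0.0.25", 443),      # HTTP(S) into the mail server
    ("192.168.50.10", "10.0.0.14", 445),    # DMZ host opening SMB to the LAN
    ("203.0.113.7", "192.168.60.5", 5432),  # internet straight to the database
    ("203.0.113.7", "10.0.0.14", 25),       # SMTP to a workstation
]

print(*audit(SAMPLE_RULES), sep="\n")
```

The audit models new connections only, on the assumption that the firewall is stateful and handles reply traffic itself.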

Author: Tom Mansell
 
Author Bio:
Tom Mansell is a renowned writer. Tom likes to compose articles about this field.