https://pm.haifa.ac.il/index.php?action=history&feed=atom&title=RafaelaWalton763 RafaelaWalton763 - Revision history 2026-05-16T09:24:40Z Revision history for this page on the wiki MediaWiki 1.15.1 https://pm.haifa.ac.il/index.php?title=RafaelaWalton763&diff=158530&oldid=prev RafaelaWalton763:&#32;Created page with 'Internet and FTP Servers Every single network that has an world wide web connection is at danger of becoming compromised. Whilst there are many measures that you can take to sec…' 2012-08-26T20:47:27Z <p>Created page with &#39;Internet and FTP Servers Every single network that has an world wide web connection is at danger of becoming compromised. Whilst there are many measures that you can take to sec…&#39;</p> <p><b>New page</b></p><div>Internet and FTP Servers<br /> <br /> Every single network that has an world wide web connection is at danger of becoming compromised. Whilst there are many measures that you can take to secure your LAN, the only genuine remedy is to close your LAN to incoming visitors, and restrict outgoing visitors.<br /> <br /> However some services such as web or FTP servers demand incoming connections. If you require these services you will need to contemplate regardless of whether it is important that these servers are component of the LAN, or no matter whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone if you favor its proper name). Ideally all servers in the DMZ will be stand alone servers, with distinctive logons and passwords for every single server. If you demand a backup server for machines within the DMZ then you must acquire a dedicated machine and keep the backup answer separate from the LAN backup remedy.<br /> <br /> The DMZ will come directly off the firewall, which implies that there are two routes in and out of the DMZ, site visitors to and from the web, and site visitors to and from the LAN. Traffic between the DMZ and your LAN would be treated totally separately to targeted traffic between your DMZ and the Internet. Incoming traffic from the internet would be routed directly to your DMZ.<br /> <br /> Consequently if any hacker exactly where to compromise a machine inside the DMZ, then the only network they would have access to would be the DMZ. The hacker would have tiny or no access to the LAN. It would also be the case that any virus infection or other security compromise inside the LAN would not be capable to migrate to the DMZ.<br /> <br /> In order for the DMZ to be effective, you will have to maintain the visitors amongst the LAN and the DMZ to a minimum. In the majority of situations, the only visitors essential in between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need to have some sort of remote management protocol such as terminal services or VNC.<br /> <br /> Database servers<br /> <br /> If your net servers call for access to a database server, then you will need to have to think about exactly where to place your database. The most secure spot to locate a database server is to produce nevertheless another physically separate network called the secure zone, and to spot the database server there.<br /> <br /> The Secure zone is also a physically separate network connected straight to the firewall. The Secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if essential).<br /> <br /> Exceptions to the rule<br /> <br /> The dilemma faced by network engineers is exactly where to put the e-mail server. It requires SMTP connection to the net, nevertheless it also demands domain access from the LAN. If you exactly where to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, producing it merely an extension of the LAN. As a result in our opinion, the only place you can put an e-mail server is on the LAN and allow SMTP visitors into this server. However we would suggest against enabling any form of HTTP access into this server. If your customers require access to their mail from outdoors the network, it would be far far more secure to look at some type of VPN resolution. (with the firewall handling the VPN connections. LAN based VPN servers permit the VPN visitors onto the network before it is authenticated, which is by no means a excellent thing.) ---------------------------<br /> Bloco de notas<br /> ---------------------------<br /> Não é possível encontrar &quot;csv&quot;<br /> ---------------------------<br /> OK <br /> --------------------------- ---------------------------<br /> Bloco de notas<br /> ---------------------------<br /> Não é possível encontrar &quot;csv&quot;<br /> ---------------------------<br /> OK <br /> --------------------------- ---------------------------<br /> Bloco de notas<br /> ---------------------------<br /> Não é possível encontrar &quot;csv&quot;<br /> ---------------------------<br /> OK <br /> ---------------------------</div> RafaelaWalton763