DinardoHomes33: Created page with 'Web and FTP Servers Every network that has an net connection is at danger of becoming compromised. Whilst there are many steps that you can take to secure your LAN, the only rea…'

DinardoHomes33 — Sun, 26 Aug 2012 20:47:27 GMT

Created page with 'Web and FTP Servers Every network that has an net connection is at danger of becoming compromised. Whilst there are many steps that you can take to secure your LAN, the only rea…'

New page

Web and FTP Servers

Every network that has an net connection is at danger of becoming compromised. Whilst there are many steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming site visitors, and restrict outgoing traffic.

Nevertheless some services such as web or FTP servers require incoming connections. If you require these solutions you will want to contemplate regardless of whether it is vital that these servers are portion of the LAN, or whether they can be placed in a physically separate network recognized as a DMZ (or demilitarised zone if you choose its correct name). Ideally all servers in the DMZ will be stand alone servers, with unique logons and passwords for each and every server. If you require a backup server for machines within the DMZ then you should acquire a dedicated machine and preserve the backup resolution separate from the LAN backup answer.

The DMZ will come directly off the firewall, which indicates that there are two routes in and out of the DMZ, targeted traffic to and from the net, and site visitors to and from the LAN. Site visitors between the DMZ and your LAN would be treated entirely separately to site visitors between your DMZ and the World wide web. Incoming site visitors from the world wide web would be routed straight to your DMZ.

For that reason if any hacker where to compromise a machine inside the DMZ, then the only network they would have access to would be the DMZ. The hacker would have tiny or no access to the LAN. It would also be the case that any virus infection or other safety compromise inside the LAN would not be in a position to migrate to the DMZ.

In order for the DMZ to be helpful, you will have to hold the targeted traffic among the LAN and the DMZ to a minimum. In the majority of situations, the only site visitors necessary amongst the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also require some sort of remote management protocol such as terminal solutions or VNC.

Database servers

If your web servers call for access to a database server, then you will need to consider exactly where to place your database. The most secure place to locate a database server is to produce yet one more physically separate network referred to as the secure zone, and to spot the database server there.

The Secure zone is also a physically separate network connected directly to the firewall. The Secure zone is by definition the most secure location on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if needed).

Exceptions to the rule

The dilemma faced by network engineers is exactly where to put the email server. It requires SMTP connection to the web, however it also needs domain access from the LAN. If you exactly where to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, producing it just an extension of the LAN. Consequently in our opinion, the only location you can place an e-mail server is on the LAN and enable SMTP site visitors into this server. Nonetheless we would advise against enabling any form of HTTP access into this server. If your customers call for access to their mail from outside the network, it would be far more secure to appear at some type of VPN solution. (with the firewall handling the VPN connections. LAN based VPN servers let the VPN site visitors onto the network just before it is authenticated, which is by no means a great issue.) ---------------------------
Bloco de notas
---------------------------
Não é possível encontrar "csv"
---------------------------
OK
--------------------------- ---------------------------
Bloco de notas
---------------------------
Não é possível encontrar "csv"
---------------------------
OK
--------------------------- ---------------------------
Bloco de notas
---------------------------
Não é possível encontrar "csv"
---------------------------
OK
---------------------------

DinardoHomes33 - Revision history

DinardoHomes33: Created page with 'Web and FTP Servers Every network that has an net connection is at danger of becoming compromised. Whilst there are many steps that you can take to secure your LAN, the only rea…'