EliseBarta39

EliseBarta39 — Thu, 23 Aug 2012 06:25:21 GMT

EliseBarta39: Created page with 'Internet and FTP Servers Every single network that has an internet connection is at risk of becoming compromised. Whilst there are several steps that you can take to secure your…'

Internet and FTP Servers

Every single network that has an internet connection is at risk of becoming compromised. Whilst there are several steps that you can take to secure your LAN, the only genuine remedy is to close your LAN to incoming visitors, and restrict outgoing traffic.

Even so some services such as net or FTP servers call for incoming connections. If you require these services you will need to have to consider no matter whether it is crucial that these servers are element of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone if you prefer its correct name). Ideally all servers in the DMZ will be stand alone servers, with unique logons and passwords for each and every server. If you need a backup server for machines inside the DMZ then you should obtain a committed machine and keep the backup resolution separate from the LAN backup resolution.

The DMZ will come directly off the firewall, which implies that there are two routes in and out of the DMZ, site visitors to and from the internet, and site visitors to and from the LAN. Site visitors amongst the DMZ and your LAN would be treated completely separately to traffic in between your DMZ and the Web. Incoming traffic from the web would be routed straight to your DMZ.

As a result if any hacker where to compromise a machine within the DMZ, then the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be capable to migrate to the DMZ.

In order for the DMZ to be efficient, you will have to hold the traffic in between the LAN and the DMZ to a minimum. In the majority of cases, the only targeted traffic required among the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, then you will need to take into account where to place your database. The most secure location to find a database server is to create but another physically separate network named the secure zone, and to place the database server there.

The Secure zone is also a physically separate network connected directly to the firewall. The Secure zone is by definition the most secure spot on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is exactly where to put the e-mail server. It requires SMTP connection to the world wide web, but it also requires domain access from the LAN. If you where to spot this server in the DMZ, the domain targeted traffic would compromise the integrity of the DMZ, making it just an extension of the LAN. Therefore in our opinion, the only place you can put an email server is on the LAN and permit SMTP targeted traffic into this server. Nevertheless we would suggest against allowing any type of HTTP access into this server. If your customers call for access to their mail from outside the network, it would be far more secure to look at some type of VPN remedy. (with the firewall handling the VPN connections. LAN based VPN servers let the VPN targeted traffic onto the network before it is authenticated, which is by no means a very good factor.) [http://www.smtpsolutions.net/ human resources manager] [http://www.cashstop.com.au/ your cheque cashing] [http://australianfundraising.com.au/ try fundraisers ideas]

P-MART wiki - User contributions [en]

EliseBarta39