RupertKagan145

RupertKagan145 — Thu, 23 Aug 2012 06:25:21 GMT

RupertKagan145: Created page with 'Internet and FTP Servers Every single network that has an world wide web connection is at danger of getting compromised. Whilst there are several steps that you can take to secu…'

Internet and FTP Servers

Every single network that has an world wide web connection is at danger of getting compromised. Whilst there are several steps that you can take to secure your LAN, the only true answer is to close your LAN to incoming targeted traffic, and restrict outgoing traffic.

Nevertheless some solutions such as internet or FTP servers demand incoming connections. If you require these solutions you will need to think about whether or not it is crucial that these servers are part of the LAN, or whether or not they can be placed in a physically separate network identified as a DMZ (or demilitarised zone if you favor its correct name). Ideally all servers in the DMZ will be stand alone servers, with distinctive logons and passwords for each server. If you require a backup server for machines inside the DMZ then you must obtain a committed machine and maintain the backup solution separate from the LAN backup answer.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ, targeted traffic to and from the net, and traffic to and from the LAN. Traffic among the DMZ and your LAN would be treated completely separately to targeted traffic amongst your DMZ and the World wide web. Incoming site visitors from the world wide web would be routed straight to your DMZ.

For that reason if any hacker exactly where to compromise a machine inside the DMZ, then the only network they would have access to would be the DMZ. The hacker would have tiny or no access to the LAN. It would also be the situation that any virus infection or other safety compromise within the LAN would not be capable to migrate to the DMZ.

In order for the DMZ to be successful, you will have to hold the site visitors amongst the LAN and the DMZ to a minimum. In the majority of situations, the only targeted traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need to have some sort of remote management protocol such as terminal services or VNC.

Database servers

If your internet servers require access to a database server, then you will want to take into account where to location your database. The most secure place to locate a database server is to produce nevertheless another physically separate network known as the secure zone, and to spot the database server there.

The Secure zone is also a physically separate network linked straight to the firewall. The Secure zone is by definition the most secure location on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if necessary).

Exceptions to the rule

The dilemma faced by network engineers is exactly where to place the e mail server. It needs SMTP connection to the web, yet it also demands domain access from the LAN. If you exactly where to spot this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it merely an extension of the LAN. For that reason in our opinion, the only location you can place an email server is on the LAN and allow SMTP visitors into this server. Nevertheless we would advocate against allowing any type of HTTP access into this server. If your customers demand access to their mail from outside the network, it would be far much more secure to appear at some type of VPN solution. (with the firewall handling the VPN connections. LAN based VPN servers allow the VPN targeted traffic onto the network prior to it is authenticated, which is by no means a good factor.) [http://www.smtpsolutions.net/ inside free outgoing smtp server] [http://australianfundraising.com.au/ try fundraisers ideas] [http://www.cashstop.com.au/ pay day loan online]

P-MART wiki - User contributions [en]

RupertKagan145