GriecoMatteson778

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. While there are many steps you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic and restrict outgoing traffic.

However, some services such as web or FTP servers require incoming connections. If you require these services, you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, if you prefer its proper name). Ideally all servers in the DMZ will be stand-alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ, then you should acquire a dedicated machine and keep the backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated entirely separately from traffic between your DMZ and the internet. Incoming traffic from the internet would be routed directly to your DMZ.

Consequently, if any hacker were to compromise a machine within the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network called the secure zone, and to place the database server there.

The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is where to put the email server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an email server is on the LAN, allowing SMTP traffic into this server. However, we would advise against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution (with the firewall handling the VPN connections; LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing).
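
The zone layout described above can be written down as a default-deny allow-list and checked for how far a compromise in one zone could spread by chaining permitted connections. This is an added example, not part of the original article. The zone names, service labels and the rule set are constructed for illustration.

```python
"""Default-deny zone policy for the Internet / DMZ / LAN / secure-zone layout."""
from collections import deque

# Constructed rule set: (source zone, destination zone, service).
# Zone and service names are labels chosen for this example (assumptions).
ALLOW = {
    ("internet", "dmz", "http"),
    ("internet", "dmz", "ftp"),
    ("internet", "lan", "smtp"),      # mail server kept on the LAN
    ("lan", "dmz", "ftp"),
    ("lan", "dmz", "remote-admin"),   # terminal services or VNC
    ("dmz", "secure", "database"),
    ("lan", "secure", "database"),    # only if required
}

def is_allowed(src, dst, service, rules=ALLOW):
    """Default deny: a new connection passes only if it is explicitly listed."""
    return (src, dst, service) in rules

def direct_reach(zone, rules=ALLOW):
    """Zones a host in `zone` may open connections to, with the services used."""
    reach = {}
    for src, dst, service in rules:
        if src == zone:
            reach.setdefault(dst, set()).add(service)
    return reach

def pivot_reach(zone, rules=ALLOW):
    """Zones reachable by chaining allowed connections.

    Worst-case view: every intermediate host is assumed to be compromised.
    """
    seen, queue = set(), deque([zone])
    while queue:
        for dst in direct_reach(queue.popleft(), rules):
            if dst != zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

if __name__ == "__main__":
    for z in ("internet", "dmz", "lan", "secure"):
        print(z, "->", direct_reach(z), "| pivot:", sorted(pivot_reach(z)))
```

Adding a single DMZ-to-LAN rule, such as the domain traffic a DMZ-hosted mail server would need, puts the LAN inside the DMZ's pivot set, which is the "extension of the LAN" problem described under "Exceptions to the rule".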