BengeFaulkner778

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. While there are several steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic and restrict outgoing traffic.

However, some services such as web or FTP servers require incoming connections. If you need these services, you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, if you prefer its proper name). Ideally, all servers in the DMZ will be stand-alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ, then you must obtain a dedicated machine and keep the backup solution separate from the LAN backup solution.

The DMZ comes directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN is treated completely separately from traffic between your DMZ and the internet. Incoming traffic from the internet is routed directly to your DMZ.

Therefore, if any hacker were to compromise a machine within the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is yet another physically separate network, called the secure zone.

The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is where to put the email server. It requires an SMTP connection to the internet, but it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an email server is on the LAN, allowing SMTP traffic into this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution, with the firewall handling the VPN connections. LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.
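
The zone rules described above (internet, DMZ, secure zone, LAN, and the mail-server exception) can be checked against a firewall rule list. The following is an added example, not part of the original page; the subnets, host addresses, port numbers and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing plan; the page names no subnets or hosts.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in (
    ("lan", "10.0.0.0/24"), ("dmz", "192.168.50.0/24"), ("secure", "192.168.60.0/24"))}
MAIL_SERVER = ipaddress.ip_network("10.0.0.25/32")  # hypothetical LAN mail host

# New-connection flows the page permits, keyed by (source zone, destination zone).
# Ports are assumptions: 21 FTP, 80/443 web, 3389 terminal services, 5900 VNC,
# 25 SMTP, and 5432 standing in for the unnamed database.
ALLOWED = {
    ("internet", "dmz"): {21, 80, 443},
    ("lan", "dmz"): {21, 3389, 5900},
    ("dmz", "secure"): {5432},
    ("lan", "secure"): {5432},
    ("internet", "lan"): {25},  # the mail-server exception
}

def zone_of(cidr):
    # Map an address or CIDR to its zone; anything else counts as the internet.
    net = ipaddress.ip_network(cidr)
    for name, zone_net in ZONES.items():
        if net.subnet_of(zone_net):
            return name
    return "internet"

def audit(rules):
    # Return (rule index, reason) for every rule that breaks the zone policy.
    findings = []
    for i, (src, dst, port) in enumerate(rules):
        s, d = zone_of(src), zone_of(dst)
        if s == d or d == "internet":
            continue  # intra-zone and outbound rules are out of scope here
        if port not in ALLOWED.get((s, d), set()):
            findings.append((i, f"{s}->{d} tcp/{port} is not a permitted flow"))
        elif (s, d) == ("internet", "lan") and ipaddress.ip_network(dst) != MAIL_SERVER:
            findings.append((i, "SMTP may only reach the mail server"))
    return findings

# Constructed rule set: (source, destination, TCP port).
SAMPLE_RULES = [
    ("0.0.0.0/0", "192.168.50.10", 443),      # web traffic into the DMZ
    ("192.168.50.10", "192.168.60.5", 5432),  # web server to database
    ("0.0.0.0/0", "10.0.0.25", 25),           # SMTP to the mail server
    ("0.0.0.0/0", "10.0.0.25", 443),          # HTTP access to the mail server
    ("192.168.50.10", "10.0.0.0/24", 445),    # DMZ reaching into the LAN
    ("0.0.0.0/0", "192.168.60.5", 5432),      # database exposed to the internet
    ("0.0.0.0/0", "10.0.0.40", 25),           # SMTP to a non-mail LAN host
]

for idx, reason in audit(SAMPLE_RULES):
    print(SAMPLE_RULES[idx], "->", reason)
```

The first three sample rules match the permitted flows; the last four are reported because they either cross zones the design keeps apart or widen the mail-server exception.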