Internet Servers and Firewall Zones

by terhunetech on April 6, 2011

Internet and FTP Servers

Every network that has an internet connection is at risk of being compromised. Whilst there are several steps you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic and limit outgoing traffic.

However, some services such as web or FTP servers need incoming connections. If you require these services, you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, if you prefer its proper name). Ideally all servers in the DMZ will be stand-alone servers, with unique logons and passwords for each server. If you need a backup server for machines within the DMZ, you should acquire a dedicated machine and keep that backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN is handled completely separately from traffic between your DMZ and the internet. Incoming traffic from the internet is routed directly to your DMZ.
Consequently, if a hacker were to compromise a machine within the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

For the DMZ to be effective, you will need to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some form of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, you will need to consider where to place your database. The most secure place to locate a database server is yet another physically separate network, called the secure zone.
The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is where to put the email server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an email server is on the LAN, allowing SMTP traffic into this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution, with the firewall handling the VPN connections. (LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.)
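
The zone rules described in the sections above, written as an nftables forward policy with a default of drop. This is an added example, not configuration from the original post; the interface names, addresses, the database port (5432) and the outbound LAN allowances are assumptions, and NAT is left out.

```nftables
# Added example: four-zone policy on the firewall (Internet, LAN, DMZ, secure zone).
# Interface names, addresses and the database port are assumptions.
flush ruleset

define WAN  = "eth0"         # Internet
define LAN  = "eth1"         # internal network, includes the mail server
define DMZ  = "eth2"         # web and FTP servers
define SEC  = "eth3"         # secure zone, database server
define MAIL = 192.168.1.25   # mail server on the LAN (constructed address)
define DB   = 10.0.30.10     # database server (constructed address)

table inet zones {
    # Track FTP control sessions so their data channels count as "related".
    ct helper ftp-std { type "ftp" protocol tcp; }

    chain prerouting {
        type filter hook prerouting priority filter; policy accept;
        tcp dport 21 ct helper set "ftp-std"
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept

        # Internet -> DMZ: only the published web and FTP services.
        iifname $WAN oifname $DMZ tcp dport { 21, 80, 443 } accept

        # LAN -> DMZ: FTP, plus terminal services (3389) or VNC (5900) for management.
        iifname $LAN oifname $DMZ tcp dport { 21, 3389, 5900 } accept

        # DMZ -> secure zone: the database connection only; LAN only if required.
        iifname $DMZ oifname $SEC ip daddr $DB tcp dport 5432 accept
        iifname $LAN oifname $SEC ip daddr $DB tcp dport 5432 accept

        # Exception: SMTP, and no HTTP, between the Internet and the LAN mail server.
        iifname $WAN oifname $LAN ip daddr $MAIL tcp dport 25 accept
        iifname $LAN oifname $WAN ip saddr $MAIL tcp dport 25 accept

        # Limited outgoing traffic from the LAN (assumed here: DNS and web).
        iifname $LAN oifname $WAN udp dport 53 accept
        iifname $LAN oifname $WAN tcp dport { 53, 80, 443 } accept

        # Nothing lets the DMZ open connections into the LAN, or the Internet
        # reach the secure zone: the drop policy covers every pair not listed.
    }
}
```

Because the chain policy is drop, a compromised DMZ host can only answer connections it was sent and open the one database connection; every other zone pair has to be added explicitly before it works.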