Questions tagged [dmz]

In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a usually larger and untrusted network, usually the Internet.

The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.

More information can be found on Wikipedia.

71 questions
63 votes, 8 answers

How do you explain to experts that a database server should not reside in the DMZ?

Our security experts, database administrators, network team and infrastructure team are all saying it's OK to have the database server located in the DMZ along with the HTTP server and middle-ware server. Their reason: If the database server is…
bruce bana
9 votes, 1 answer

Would a DMZ be safe to use with a software firewall for home networking?

If I set up a Windows 10 PC with a software firewall (TinyWall, which is a front end for Windows Firewall) and blocked all traffic except for a few applications and ports I would be using (Minecraft server and Plex server), would it be safe to put…
Atlantic
8 votes, 2 answers

Why is forwarding port 80 more insecure than the others?

I'm doing an internship in a very little company and I need to configure the network. They have a Cisco router. I couldn't find the logs to log in so I called their internet provider. Apparently they configured the Cisco router and don't allow…
Xavier59
7 votes, 3 answers

Non-Sensitive/Non-Critical Database and Web server protections?

I have an unrestricted DMZ that is currently set up with a non-critical/non-sensitive web server and database server inside. The database server gets interfaces from two critical systems but does not store any critical information. I am thinking…
Angie
6 votes, 2 answers

What's the point of a DMZ if it has access to a DB inside inner network?

I understand that you place public facing servers in a DMZ and so if they are compromised, it doesn't compromise the inner network. In order to do so, the outer firewall forwards ports (80 and 443 in my case) to web servers. From this, I understand…
Raphaël
5 votes, 2 answers

DMZ and mail servers

I've seen a few DMZ-related questions here in the past, but wanted to ask one directly related to email. I've done some research on this, but wanted to ask the forum's opinion. I know it's best practice not to have anything externally hit your LAN…
Contego
4 votes, 2 answers

DMZ for outbound connections

From a design perspective, is it a good idea to put servers that need to perform outbound connections to the internet in a separate DMZ? These servers would be servers like web filters, WSUS servers, etc.
Othman
4 votes, 1 answer

Is VMware vulnerable to Shellshock?

We have tons of VMware-hosted servers in our DMZ environment. With the recent Shellshock Bash bug, what do I need to do to protect our environment?
Overachiever
4 votes, 1 answer

DMZ Firewall settings

I am involved in a project where I have to install a new server for a new application to a preexisting production network. The new server shall sit in the DMZ and two controllers will sit on the production network. The network has one firewall with…
DavyGravy
4 votes, 2 answers

Risk to Domain members in a Domain that's extended into the DMZ

I am an AD administrator trying to look at things from an application server owner's perspective. Imagine a scenario where an AD domain covers authentication in both the corporate LAN and the DMZ. The LAN has RWDCs, the DMZ has RODCs, standard…
idarryl
3 votes, 1 answer

Internal IP addresses allowed access to all DMZ hosts

Hi, basically I'm doing a vulnerability assessment for at the moment. The setup includes a DMZ with a single firewall and an internal network (3-legged network model employing a single DMZ) but on the network all internal IP addresses have access to…
user1949280
3 votes, 2 answers

Any network related security benefits using RODC (Read Only DC) in DMZ?

Windows servers in the DMZ need to communicate with the Active Directory. I do not like that the servers will have direct communication with my Active Directory, so I consider installing a Read-Only Domain Controller that replicates the real one. It…
Dog eat cat world
3 votes, 1 answer

Setup network with IoT devices

I bought a new router and I'm thinking to make my network a bit smarter from the security aspect. My question is now: How can I make sure that an attacker cannot get into my "secure" network with properly insecure IoT devices (like SmartTVs,…
rekire
3 votes, 2 answers

Windows Servers in DMZ - managed via AD or standalone?

From a security point of view, does it make sense to connect the Windows servers that are running within the DMZ and should be reachable from the Web to the AD (running within the core network)? Or rather manage them by a DMZ AD or just standalone?…
user178620
3 votes, 2 answers

Database Protection : External & Internal

My company is using a weird database setup and I can't really figure what it is adding in terms of security. Our Setup Outside World [Firewall] DMZ – Web Server [Firewall] External Database [Firewall] Internal Database The web server can only…
Gudradain