Questions tagged [dmz]

In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. Information technology professionals normally refer to it simply as a DMZ; it is sometimes called a perimeter network.

The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

201 questions
15 votes, 2 answers

How big of a problem is it to punch a hole in the DMZ to one web server?

We currently have our web server in a DMZ. The web server cannot see anything within the internal network, but the internal network can see the web server. How safe would it be to punch a hole in the firewall between the DMZ and the internal network…
Mike Wills
13 votes, 4 answers

Should a webserver in the DMZ be allowed to access MSSQL in the LAN?

This should be a very basic question and I tried to research it and couldn't find a solid answer. Say you have a web server in the DMZ and a MSSQL server in the LAN. IMO, and what I've always assumed to be correct, is that the web server in the DMZ…
Allen
12 votes, 2 answers

Is there a secure way to allow IIS 7 in a DMZ to access a DB server behind the firewall?

Our network admins are adamant that it is insecure for our web servers, which are hosted in the DMZ, to access the DB server behind our firewall. To get round the problem, we access the data via web services or WCF. I feel that this is an…
Al Polden
11 votes, 1 answer

Redundant web servers - 1 public address

I'd like to host redundant internet accessible (NATed) web servers behind a f/w on the same standard ports. If I only have 1 publicly available address do I have to use a reverse proxy or load balancer? If I can get more public address space (and…
shoguneye
8 votes, 3 answers

Distinction between an extranet and a DMZ

I've been reading about intranets, extranets, DMZs and VPNs now, and I'd need some clarifications related to extranets and DMZs. I understand that they are different types of concepts - extranet allows limited access to some intranet resources,…
Markus Yrjölä
8 votes, 2 answers

DMZ subnet: to NAT or not to NAT?

I'm looking at setting up a DMZ behind a Cisco ASA that will contain a large number of HTTP front-end load balancers and SSL offload services - over 100 IPs, concentrated on a smaller number of hosts. In the past I've kept all the hosts on RFC1918…
natacado
7 votes, 4 answers

Security for university research lab systems

Being responsible for security in a university computer science department is no fun at all. And I explain: It is often the case that I get a request for installation of new hw systems or software systems that are really so experimental that I would…
ank
7 votes, 2 answers

public ip resolves externally but not internally

I have a one to one NAT on pfsense that assigns a public IP to an internal IP (running a web server). When I open the public IP from an internal machine, it will not resolve to the internal IP, instead it opens the router web page. When I open the…
001
7 votes, 6 answers

Does Wireshark pose a threat when installed on a server in the DMZ?

If you install Wireshark on a web server sitting in the DMZ, is there a hack that can be used to get backdoor entrance to that server even when RDP is disabled? I'm trying to monitor the wire on the DMZ web server but getting pushback from the DMZ…
G33kKahuna
6 votes, 2 answers

Virtual host on LAN - VMs on DMZ, separate NICs - is this a bad idea?

Just kicking this idea around, and wanted to see if you'll be so kind as to point out the problems I don't see. If I set up this new HyperV host as a normal domain member, the benefits are obvious. I can manage it through SCVMM, and it's got its…
Kara Marfia
6 votes, 2 answers

Exposing IMAP server to Internet: DMZ or Port Forwarding?

We currently have all our email stored on a Dovecot IMAP server in our internal network. Client machines on the network are able to connect and access their email. Now we want to allow certain users to be able to connect in and view their email from…
FixMaker
6 votes, 1 answer

What is a DMZ in the simplest of examples?

I am new to the world of networking and am having a hard time understanding what a DMZ is. I understand a DMZ is where you place publicly accessible servers such as Web servers, Mail servers, etc. What I am confused about is how a DMZ is set up.…
PeanutsMonkey
6 votes, 3 answers

Placing a server in the DMZ vs opening firewall ports

When should you place a server in a DMZ vs opening ports on the firewall and keeping it within the network? I'm referring to active directory servers, IIS servers, and mostly things on a windows based setup. Some issues I've noticed with placing in…
Joe Phillips
6 votes, 3 answers

Active Directory in a DMZ

What is the best way to manage user accounts for Windows servers in a DMZ? We are expanding our web presence and adding several IIS servers to our DMZ. I would prefer not to manage a bunch of local accounts or, on the other hand, expose our internal…
IdahoX
5 votes, 1 answer

Disable EdgeRouter Lite GUI on DMZ interface

I'm using the Ubiquiti EdgeRouter in a SOHO network. I've configured it using the "WAN+2LAN2" wizard, without bridging the LAN ports. This sets up the three port router with eth0 assigned to the WAN, and eth1 and eth2 serving two separate subnets,…
jsears