
Web Servers and Firewall Zones

By: Chris Weight


Web and FTP Servers



Every network that has an internet connection is at risk of being compromised. Whilst there are several steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic, and restrict outgoing traffic.



However, some services, such as web or FTP servers, require incoming connections. If you require these services, you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, if you prefer its proper name). Ideally, all servers in the DMZ will be standalone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ, you should acquire a dedicated machine and keep that backup solution separate from the LAN backup solution.



The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN is treated totally separately from traffic between your DMZ and the internet. Incoming traffic from the internet is routed directly to your DMZ.

Therefore, if a hacker were to compromise a machine within the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. Likewise, any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.



In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC.



Database servers



If your web servers require access to a database server, then you will need to consider where to place your database. The most secure option is to create yet another physically separate network, called the secure zone, and to place the database server there.

The secure zone is also a physically separate network connected directly to the firewall. It is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and from the LAN if required).



Exceptions to the rule



The dilemma faced by network engineers is where to put the email server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an email server is on the LAN, with SMTP traffic allowed into this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution, with the firewall handling the VPN connections. (LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.)
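
The zone rules from the sections above (DMZ, secure zone and the mail-server exception), as an added example that is not part of the original article: a small Python audit that checks a firewall rule list against the permitted inter-zone flows. The port numbers, the host name mail.lan.example and the sample rules are assumptions constructed for illustration; outbound traffic to the internet is not modelled.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str               # source zone, or "any"
    dst: str               # destination zone, or "any"
    port: Optional[int]    # destination TCP port; None means any port
    action: str            # "allow" or "deny"
    host: str = "any"      # destination host; "any" means the whole zone

ZONES = ("internet", "dmz", "lan", "secure")
MAIL_HOST = "mail.lan.example"    # hypothetical name for the LAN mail server
# Flows the article permits. Ports are assumptions: it names services, not ports.
ALLOWED = {
    ("internet", "dmz"): {21, 80, 443},   # public FTP and web servers
    ("lan", "dmz"): {21, 3389, 5900},     # FTP, terminal services, VNC
    ("dmz", "secure"): {1433},            # database connection
    ("lan", "secure"): {1433},            # database connection, if required
    ("internet", "lan"): {25},            # SMTP to the mail server only
}

def audit(rules):
    """Return findings for allow rules that fall outside the zone design."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        for s in (ZONES if r.src == "any" else (r.src,)):
            for d in (ZONES if r.dst == "any" else (r.dst,)):
                if s == d or d == "internet":   # outbound policy not modelled here
                    continue
                ports = ALLOWED.get((s, d), set())
                if r.port is None or r.port not in ports:
                    findings.append(f"rule {n}: {s}->{d} port {r.port or 'any'} is outside the zone design")
                elif (s, d) == ("internet", "lan") and r.host != MAIL_HOST:
                    findings.append(f"rule {n}: internet SMTP must target {MAIL_HOST} only")
    if not rules or rules[-1] != Rule("any", "any", None, "deny"):
        findings.append("no final deny-all rule: unmatched traffic is not dropped")
    return findings

# Constructed sample rule set, not taken from any real firewall.
SAMPLE = [
    Rule("internet", "dmz", 80, "allow"),
    Rule("lan", "dmz", 3389, "allow"),
    Rule("dmz", "secure", 1433, "allow"),
    Rule("internet", "lan", 25, "allow", MAIL_HOST),
    Rule("internet", "lan", 80, "allow", MAIL_HOST),  # HTTP to the mail server
    Rule("dmz", "lan", None, "allow"),                # DMZ becomes a LAN extension
    Rule("any", "any", None, "deny"),
]
```

Calling audit(SAMPLE) flags the HTTP rule for the mail server and the open DMZ-to-LAN rule, the two configurations the article warns against.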




Article keywords: Firewall, internet, web server, ftp server, security, dmz, lan, IIS, SQL, hacker, hacking

Article Source: http://www.articles2k.com

Chris Weight is a writer for www.stekno.com , information for IT professionals












 


© 2006 articles2k.com - Privacy Policy