Q

Placing your servers outside the DMZ

Our Web, FTP (file transfer protocol) and DNS (domain name system) servers are placed in a DMZ (demilitarized zone) and allowed access from the outside zone on only certain ports. If I keep the servers in the inside zone and then allow outside access to the ports, what is the difference? We practically use the same commands in Cisco PIX firewall to allow the ports for access from lower security zones to higher security zones.

Good question. A good reason for placing these servers in a DMZ, rather than on the inside network, is to prevent attacks that may come from inside or outside your network. Studies have shown that a majority of security incidents are caused by insiders. Doesn't it make sense that you should have the same rules for inside and outside access? Another reason for segregating the servers to a DMZ is to help protect your internal network. For example, there are many attacks that now operate over Port 80, which you need open for your Web server. By putting the Web server in a DMZ, you could leave Port 80 open for the DMZ, but might be able to leave it closed for the internal network. If you had the server on that internal network, you couldn't close that port. You always want to deny everything and then allow as needed. By putting the servers in a DMZ, you have more granularity in applying that security axiom.
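The difference described in the answer, as an added example that is not part of the original answer: a small default-deny zone model that lists what a compromised Web server can reach in each placement. The host names, the internal hosts and their ports, and the simplification that same-zone traffic never crosses the firewall are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_host: str
    port: int

# Constructed sample inventory (hypothetical hosts and ports).
SERVICES = {"web": 80, "ftp": 21, "dns": 53}               # published servers
INTERNAL = {"fileserver": 445, "db": 1433, "hr-pc": 3389}  # internal-only hosts

def build(placement):
    """Return (host -> zone map, allow rules) with the servers in 'dmz' or 'inside'."""
    zones = {h: "inside" for h in INTERNAL}
    zones.update({h: placement for h in SERVICES})
    # The same kind of permit is written in both designs: outside -> server port.
    rules = {Rule("outside", placement, h, p) for h, p in SERVICES.items()}
    if placement == "dmz":
        # Insiders get the same narrow access to the servers as outsiders do.
        rules |= {Rule("inside", "dmz", h, p) for h, p in SERVICES.items()}
    return zones, rules

def allowed(zones, rules, src, dst, port):
    """Default deny between zones; traffic inside one zone is never filtered."""
    src_zone = zones.get(src, "outside")   # unknown sources are treated as outside
    dst_zone = zones[dst]
    if src_zone == dst_zone:
        return True                        # same segment: the firewall never sees it
    return Rule(src_zone, dst_zone, dst, port) in rules

def exposure(placement, compromised="web"):
    """Hosts whose listening port is reachable from the compromised server."""
    zones, rules = build(placement)
    listeners = {**SERVICES, **INTERNAL}
    return sorted(h for h, p in listeners.items()
                  if h != compromised and allowed(zones, rules, compromised, h, p))

if __name__ == "__main__":
    for placement in ("inside", "dmz"):
        print(placement, "->", exposure(placement))
```

The permit rules from outside look the same in both designs, which is what the question observes; the difference is that with the servers on the inside network nothing sits between a compromised server and the internal hosts.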


This was first published in May 2003
